The 10 Laws of Patch Management

January 14, 2004


Law # 1: Security patches are a fact of life.
Law # 2: It does no good to patch a system that was never secure to begin with.
Law # 3: There is no patch for bad judgment.
Law # 4: You cannot patch what you do not know you have.
Law # 5: The most effective patch is the one you do not have to apply.
Law # 6: A service pack covers a multitude of patches.
Law # 7: All patches are not created equal.
Law # 8: Never base your patching decision on whether you have seen exploit code … unless you have seen exploit code.
Law # 9: Everyone has a patch management strategy, whether they know it or not.
Law #10: Patch management is really Risk Management.

