Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities

GAO-03-1138T Published: Sep 10, 2003. Publicly Released: Sep 10, 2003.

Highlights

Attacks on computer systems--in government and the private sector--are increasing at an alarming rate, placing both federal and private-sector operations and assets at considerable risk. By exploiting software vulnerabilities, hackers can cause significant damage. While patches, or software fixes, for these vulnerabilities are often well publicized and available, they are frequently not quickly or correctly applied. The federal government recently awarded a contract for a government-wide patch notification service designed to provide agencies with information to support effective patching. Forty-one agencies now subscribe to this service. At the request of the Chairman of the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, GAO reviewed (1) two recent software vulnerabilities and related responses; (2) effective patch management practices, related federal efforts, and other available tools; and (3) additional steps that can be taken to better protect sensitive information systems from software vulnerabilities.

GAO Contacts

Robert (Bob) Dacey
Chief Accountant
Applied Research and Methods

Media Inquiries

Sarah Kaczmarek
Managing Director
Office of Public Affairs

Topics

Automated security systems, Computer crimes, Computer security policies, Computer security, Computers, Crime prevention, Cyber security, Hackers, Information security, Information systems, Software, Strategic planning