Cyber criminals constantly try to hack into vulnerable information technology systems and hardware to gain unauthorized access to data. Usually technology vendors thoroughly test their systems for cybersecurity vulnerabilities; however, hackers are coming up with new ways to exploit systems.
To combat vulnerabilities, vendors develop corrections or fixes for security loopholes or flaws as they become known. These corrections or fixes are applied to systems through “patches.” Patches are common. According to the SysAdmin Audit Network and Security Institute (SANS), a security research and education company: “In the software world, rarely, if ever, is an application developed without having the need to be corrected, upgraded, or modified.”
Cybersecurity is not the only reason to apply patches to a system. In some cases, a patch adds new features. For example, a software update (i.e., patch) for the iPhone added a variety of new features including dark mode, a photos tab, and enhancements to portrait lighting when taking a photo.
“Patch management” is the process of identifying, acquiring, installing, and verifying patches for information technology systems. There are many models of what an effective patch management program should look like, but all have certain common characteristics.
* For sources and references, please download the Patch Management follow-up report (PDF, 610KB).