December 04, 2009, 6:34 PM — WHEN IS THE BEST TIME TO APPLY SECURITY PATCHES? The obvious answer would seem to be ‘right away,' but patches can have bugs, too, so experts recommend testing the patch before deploying it.
"The risk in applying patches too quickly is you may not patch everything, you may forget some systems in the company, because you're rushing them out too fast, and then you don't know what is patched and what isn't patched," says Johannes B. Ullrich, CTO for the SANS Internet Storm Center. But wait too long and an organization risks being attacked by the threat that the patch is meant to protect from, since hackers will racket up their activity shortly after a patch is released knowing that not every company will get to it right away, he says.
Tip: Applying security patches can be a big job in large corporations, so even if they wanted to, many companies couldn't patch immediately. Ullrich recommends companies have patching policies in place that specify when and how to patch that gets the job done reliably and with minimal disruption to business. Typically companies take between a week and a month to apply a given patch, he says.
This is part of ITworld's "Best Time" series. See the full list of Best Times to do all sorts of technology-related things. Think you know the "Best Time" to do something? Send to email@example.com. We'd love to hear from you.