Microsoft patch management a top-level plant-floor concern

by Staff -- Manufacturing Business Technology, 11/1/2004 12:00:00 AM

At the security forum held at the recent ISA Expo 2004, one attendee asked, "DCS and SCADA vendors [using Microsoft technology] issue patches only several weeks after Microsoft has done so. Is there anything that can be done to speed up this process?"

In an interview at ISA that same day, Don Richardson, director, Manufacturing Industry Unit, Microsoft, responded as follows:

"This is a real concern that Microsoft, its ISV partners, and users have to work on together. Manufacturers have to wait until the vendor announces support for the patch or they lose vendor system support. Manufacturers also must know with certainty that their applications and the interfaces with other systems still work after the patch is installed. That can take anywhere from a couple of weeks to a couple of months."

This lag is a real problem because during the intervening time period, it's possible to reverse-engineer the issued patch to discover what vulnerability it's meant to fix and then move to exploit that vulnerability before the patch is actually installed.

"Notwithstanding any legal issues, we believe that the fair practice is to release patches to the developer, customer, and user communities simultaneously," continues Richardson. "This unfortunately means that hackers have equal access to this information, so the race is on to install the patches before any vulnerability can be exploited. Users need to urge the ISVs to take the initiative to respond more quickly. Windows XP Service Pack 2 was announced more than a year ago, the beta was available, and guidance was issued. But when released, some ISVs advised against installing it because they said it would 'break applications.' This needn't have been the case."

More Content

• Blogs
• Webcasts
• Podcasts

Get Lean and Prosper

Mark Graban, Senior consultant with a firm that specializes in Lean and Six Sigma consulting and training
October 16, 2009
Video about Lean Startups
Gov 2.0 Summit 09: Eric Ries, “Lean Startups: Doing More with Less”...
More

PLM and Profitability

Jim Brown, President and founder of Tech-Clarity
October 13, 2009
What I Learned: Single Bill of Material - Holy Grail or Pipe Dream?
What I learned this week … is a thought sparked by a post in the Daily PLM...
More

VIEW ALL BLOGS

  Transform Your Bottom-line by Eliminating the 7 Wastes in Manufacturing

  Discover new ways to share complex product data with your value chain

  7 Ways to Cut Supply Chain Costs Using Manufacturing Test Process Software

  B2B as the Value Engine in Your Supply Chain

  High Tech Manufacturing in the New Reality: How to stay ahead of the game, become more efficient, and remain competitive

» View All Broadcasts

Enterprise PLM


Is your company ready for Enterprise PLM?
Enterprise product life-cycle management (PLM) encompasses nine business processes—among them the much-embraced Design for Supply and Cost. This podcast sets up the relationship between PLM software and Enterprise PLM processes in basic terms, including the bonuses found in time-to-market and product quality.
	Speaker: Sarvesh Jagannivas Vice President of Marketing for Oracle’s Agile PLM software group
	Moderator: Sidney Hill Executive Editor of Manufacturing Business Technology

»VIEW ALL PODCASTS

Talkback

We would love your feedback!

Post a comment

» View All Talkback Threads

Related Content

• Topics
• Author

One-to-One: Microsoft - Helping the World Innovate?

07/24/2008

One-to-One: PTC and Microsoft Get Social with Product Developers

01/29/2009

Microsoft SP2 upgrade impacts manufacturers

10/01/2004

One-to-One: PLM? Microsoft? SOA? Open Source? Aras says yes

06/05/2008

A slap in the wallet: EU imposes record fine for Microsoft’s “unfair benefits”

02/27/2008

Also by this author

• Cyber security for industrial assets

• Companies falling short on environmental impact reductions

• Invensys Operations Management selects PAS Integrity Software for project delivery

• Survey: Manufacturing likely to lag while economy improves

• Software: Making sure the price is right

>>MORE

Sponsored Links

• Resource Center
• Browse Categories
• Browse Companies

Featured Company

• Honeywell

  

  Honeywell Process Solutions is a division of Honeywell Automation and Control Solutions (ACS) and has been a pioneer in automation control for more than 30 years. Honeywell Process Solutions serves several industries, including refining, oil and... more

---

Most Recent Resources

• FICO™ Xpress Optimization Suite Schedules Big Profits For Clients
• Strategic Pricing: Three Steps to Higher Profit Margins
• Driving Innovation Through Lean Product Development Practices
• Demand Planning Maturity Model Strategies for Demand-Driven...
• Simulation-Driven Product Development:Will Form Finally Follow...