A patch (also sofware patch) is a
|“||[s]egment of program code (individual statements or routines) added to the body of a completed computer program to enhance or amend the program.||”|
|“||[a] modification to software that fixes an error in an application already installed on an IS, generally supplied by the vendor of the software.||”|
Often “[p]atches are developed and released by software vendors when vulnerabilities are discovered.” Patches may be made to a program over time, usually with little consideration given to documentation, readability of the code and logic, or meeting programming standards, if any, established for the program/system as a whole when it was first developed.
|“||[a] patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker's Web site. The patch is not necessarily the best solution for the problem, and the product developer often finds a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.||”|
Specific software categories Edit
Proprietary operating system vendors (POSV) are constantly providing patches to mitigate vulnerabilities that are discovered. In fact, regularly scheduled monthly patches are published by many POSV to be applied to the appropriate operating system. It is also the case that POSV will, from time to time, publish security patches that should be applied on systems as soon as possible due to the serious nature of the vulnerability.
Systems running in a virtual environment are not exempted from patching. In fact, not only are the operating systems running in a virtual environment to be patched routinely, but often-times the virtualization software itself is exposed to vulnerabilities and thus must be patched either via a vendor-based solution or other technical solution.
Open source operating systems require patch and vulnerability management as well. Due to the open nature of these operating systems there needs to be a reliable distribution point for system administrators to safely and securely obtain the required patches. These patches are available at the specific vendors’ website.
- ↑ U.S. Copyright Office, Compendium of Copyright Office Practices II, §326 (1984) (full-text).
- ↑ Practices for Securing Critical Information Assets, Glossary, at 56.
- ↑ Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes, at 1.
- ↑ NIST Special Publication 800-45, Glossary, at A-2.