Information Security News
mailing list archives
Report: Fifty-eight percent of Energy computers went months without bug fixes
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 16 Nov 2012 02:23:04 -0600 (CST)
By Aliya Sternstein
November 15, 2012
A perhaps disturbing summation of the state of federal cyber security:
An internal audit found nearly 60 percent of Energy Department desktop
computers were missing critical software patches -- and those findings
don’t surprise security experts.
Officials risk disrupting agency business by applying patches because
fixes likely would require pausing widely used programs, said Patrick
Miller, chief executive officer of EnergySec, a federally funded
The inspector general audit, which was released this week, covered
unclassified systems at administrative offices departmentwide.
“It would actually be more damaging to the organization to patch it than
to not patch it,” Miller said. “The reality is most organizations, the
larger they get, the harder it is for them to manage their patching.” It
is unclear whether the department compensated for holes by using other
safeguards, such as firewalls.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Report: Fifty-eight percent of Energy computers went months without bug fixes InfoSec News (Nov 16)