Home page logo

isn logo Information Security News mailing list archives

Report: Fifty-eight percent of Energy computers went months without bug fixes
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 16 Nov 2012 02:23:04 -0600 (CST)


By Aliya Sternstein
November 15, 2012

A perhaps disturbing summation of the state of federal cyber security: An internal audit found nearly 60 percent of Energy Department desktop computers were missing critical software patches -- and those findings don’t surprise security experts.

Officials risk disrupting agency business by applying patches because fixes likely would require pausing widely used programs, said Patrick Miller, chief executive officer of EnergySec, a federally funded public-private partnership.

The inspector general audit, which was released this week, covered unclassified systems at administrative offices departmentwide.

“It would actually be more damaging to the organization to patch it than to not patch it,” Miller said. “The reality is most organizations, the larger they get, the harder it is for them to manage their patching.” It is unclear whether the department compensated for holes by using other safeguards, such as firewalls.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!

  By Date           By Thread  

Current thread:
  • Report: Fifty-eight percent of Energy computers went months without bug fixes InfoSec News (Nov 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]