Microsoft tackles patch management metrics with Project Quant


In partnership with security analyst Rich Mogull, Microsoft is set to roll out a new research project to help businesses compute the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch.

According to a report by Dennis Fisher on Threatpost, the initiative is called Project Quant and is aimed at providing a full metrics model that Microsoft will make freely available to end users.

The metrics project will be handled by Mogull's Securosis, an analyst firm that will conduct surveys and interviews with end users and will be responsible for building out the model. Securosis recently worked on a security metrics project for Mozilla.

Mogull, a former Gartner analyst, will team up with Microsoft's Jeff Jones on the new initiative.


Here's the skinny on Project Quant:

  • Objective: The objective of Project Quant is to develop a cost model for patch management response that accurately reflects the financial and resource costs associated with the process of evaluating and deploying software updates (patch management).
  • Additional Detail: As part of maintaining their technology infrastructure, all organizations of all sizes deploy software updates and patches. The goal of this project is to provide a framework for evaluating the costs of patch management, while providing information to help optimize the associated processes. The model should apply to organizations of different sizes, circumstances, and industries. Since patch management processes vary throughout the industry, Project Quant will develop a generalized model that reflects best practices and can be adapted to different circumstances. The model will encompass the process from monitoring for updates, to confirming complete rollout of the software updates, and should apply to both workstations and servers. The model should be unbiased and vendor-neutral.
  • Deliverables: The end deliverable will include a written report and a spreadsheet-based model. Additional written material and presentations may be developed to support the project goals.

A big part of Project Quant is the drive for transparency, Mogull says. All material related to the creation of the model will be publicly released alongside any related data.


Talkback

  • Everyone already knows they are wasting their time

    Why not use a spreadsheet to calculate it for yourself? Gee, thanks
    Microsoft for helping us calculate how much time we waste on your
    software. Now, pay me to buy my next laptop, that would make me
    happy.

    Or, actually come out with a decent (OK, too much to ask for, make that
    usable) OS that isn't 8 years old.
    comp_indiana
  • RE: Microsoft tackles patch management metrics with Project Quant

    Hopefully these guys won't be putting me out of a job.

    "We don't need no stinking Patches!"
    Jeff7112