
Microsoft tackles patch management metrics with Project Quant

Written by Ryan Naraine, Contributor

In partnership with security analyst Rich Mogull (right), Microsoft is set to roll out a new research project to help businesses compute the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch.

According to this Dennis Fisher report on Threatpost, the initiative is called Project Quant and is aimed at providing a full metrics model that Microsoft will make freely available to end users.

The metrics project will be handled by Mogull's Securosis, an analyst firm that will conduct surveys and interviews with end users and will be responsible for building out the model. Securosis recently worked on a security metrics project for Mozilla.

Mogull, a former Gartner analyst, will team up with Microsoft's Jeff Jones on the new initiative.

[ SEE: Can Mozilla's security metrics project end the patch-counting nonsense? ]

Here's the skinny on Project Quant:

  • Objective: The objective of Project Quant is to develop a cost model for patch management response that accurately reflects the financial and resource costs associated with the process of evaluating and deploying software updates (patch management).
  • Additional Detail: As part of maintaining their technology infrastructure, all organizations of all sizes deploy software updates and patches. The goal of this project is to provide a framework for evaluating the costs of patch management, while providing information to help optimize the associated processes. The model should apply to organizations of different sizes, circumstances, and industries. Since patch management processes vary throughout the industry, Project Quant will develop a generalized model that reflects best practices and can be adapted to different circumstances. The model will encompass the process from monitoring for updates, to confirming complete rollout of the software updates, and should apply to both workstations and servers. The model should be unbiased and vendor-neutral.
  • Deliverables: The end deliverable will include a written report and a spreadsheet-based model. Additional written material and presentations may be developed to support the project goals.

A big part of Project Quant is the drive for transparency, Mogull says. All material related to the creation of the model will be publicly released alongside any related data.
