AP companies open to unofficial patches

Nearly six in 10 organizations in the Asia-Pacific region will consider using a third-party patch to manage vulnerabilities, a new survey has found.

Conducted by patch management vendor PatchLink, the inaugural customer focus study also revealed that 45 percent of organizations worldwide said they would consider implementing an unofficial patch.

Over 300 chief information or security officers, IT managers and network administrators in the Asia-Pacific region, Europe and the United States were interviewed for the survey. Respondents in the region included executives from Hong Kong, India, Malaysia, Singapore, Taiwan and Thailand.

The majority of companies surveyed globally agreed that having regular patch release schedules helped improve their security patch and vulnerability management. However, over 60 percent of the respondents indicated a preference for software vendors to release patches quickly in order to deal with exploits as they emerged, rather than wait for the next patch cycle to come around.

PatchLink also reported that during the Microsoft Windows Meta File episode in January, 30 percent of its customers were in a hurry to contain the problem and had either deployed the unofficial third-party patch that was made publicly available, or the patch which Microsoft had released days ahead of its monthly cycle. The remaining 70 percent chose to wait until PatchLink tested and released its patch.

According to the PatchLink survey, patch management does not appear to be a critical component in some companies' overall security plans--only 44 percent of organizations in the Asia-Pacific region deemed regular patching as useful to their overall security process.