Secure Patch Management Strategy | Singapore Government Developer Portal

Secure Patch Management Strategy

28 Apr 2022

No software is totally secure. As such, organisations must implement security patches to continually address security vulnerabilities and bugs. They should also implement feature updates to improve the usability or performance of the software.

If those patches are not implemented in a timely or effective manner, security incidents may result in which a malicious actor exploits the underlying software vulnerabilities. Such vulnerabilities in operating systems and applications can allow attackers to gain unauthorised access or disrupt business delivery. Extra costs may be incurred to remediate the damage done.

IMPLEMENTING AN EFFECTIVE PATCH MANAGEMENT REGIME

An effective patch management process ensures that systems are kept up to date with current patches that are implemented in a timely manner and are verified as effective. Here are the key stages of an effective patch management process:

[Figure: patch_mgmt]

Even with a proper patch management process in place, organisations should remain aware of residual risk areas that may arise from poor patch management. Below are some risk areas and the possible mitigation measures.

[Figure: patch_mgmt]

In summary, organisations should establish and maintain an effective patch management process consisting of the five (5) key stages described in this article. Some risks may still be present even with a proper patch management process in place, but organisations can apply appropriate measures to mitigate them.