Caute_cautim
Community Champion

Is it irresponsible for an organisation to release patches that are not fit for purpose?

Hi All

 

In these days is it not irresponsible for any organisation, no matter how big or small, to release patches for their solutions, software without having gone through DevOps or a formal test procedure prior to releasing them to the public?

 

Organisations should never rush to release patches, which potentially could cause damage to existing systems, even if your regime is to never patch for the first seven days. However, one does depend on the honesty of organisations entrusted to develop systems, to ensure they come clean, and follow good practices.

 

Do we need some form of penalties for such behaviour?   Unfortunately, everyone depends on the organisation due to massive discounts for software sales, and they simply get away with it - even if you are Microsoft, you should know far better!  Or does that fall under the Consumer act?

 

Regards

 

Caute_Cautim

 

 

2 Replies
Caute_cautim
Community Champion

Re: Is it irresponsible for an organisation to release patches that are not fit for purpose?

Hi All

 

This is the article I was referring to:

 

https://windowsreport.com/bios-update-via-windows-update/

 

Regards

 

Caute_cautim

tmekelburg1
Community Champion

Re: Is it irresponsible for an organisation to release patches that are not fit for purpose?

Yeah, I would consider not testing patches irresponsible, but it's also a two-way street. Software companies need to test the patches before releasing them and organizations need to test before implementing them into their production environment. However, we can't hold the organizations responsible for patches on systems they can't control, e.g., the recent Akamai outage caused by an update.

 


@Caute_cautim wrote:

 

Do we need some form of penalties for such behaviour?   


This is a perfect example of why we have Regulations.