By Andreas M. Antonopoulos, SVP and Founding Partner, Nemertes Research Inc.

The Issue

Software maintenance has long been recognized as the most expensive part of the software lifecycle. Increased security threats have forced vendors to release software updates (patches) far more often, exacerbating the cost of maintenance. But a bigger problem looms: The most critical servers in an organization are not getting patched because IT managers are extremely reluctant to expose those servers to frequent updates that may cause crashes or software conflicts. How should we reconcile the need to limit server exposure to security threats with the risk inherent in frequent patching?

The complete issue paper is available to Nemertes clients. Non-clients, please contact research@nemertes.com [1]