MANAGING SOFTWARE PATCH INSTALLATIONS
First Claim
1. A computer hardware-implemented method of managing software patches, the computer hardware-implemented method comprising:
- receiving, by a computer monitoring hardware system, a notification of a new release of a software patch;
scoring, by the computer monitoring hardware system, a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, wherein the set of computer system parameters is described by a set of binary data, wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system, and wherein said scoring is performed by the computer monitoring hardware system utilizing the set of binary data as inputs to a patch control logic within the computer monitoring hardware system;
determining, by the patch control logic within the computer monitoring hardware system, whether the monitored computer system is authorized to install the software patch;
determining, by the patch control logic within the computer monitoring hardware system, whether the security posture value exceeds a predetermined value; and
in response to the patch control logic within the computer monitoring hardware system determining that the monitored computer system is authorized to install the software patch, and in response to the patch control logic within the computer monitoring hardware system determining that the security posture value exceeds the predetermined value, retrieving and installing the software patch into the monitored computer system.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer hardware-implemented method, system, and/or computer program product manages software patches. A computer monitoring hardware system receives a notification of a new release of a software patch. The computer monitoring hardware system scores a security posture of a monitored computer system to generate a security posture value based on a set of computer system parameters for the monitored computer system. In response to patch control logic within the computer monitoring hardware system determining that the monitored computer system is authorized to install the software patch and that the security posture value exceeds the predetermined value, the computer monitoring hardware system retrieves and installs the software patch in the monitored computer system.
25 Citations
20 Claims
-
1. A computer hardware-implemented method of managing software patches, the computer hardware-implemented method comprising:
-
receiving, by a computer monitoring hardware system, a notification of a new release of a software patch; scoring, by the computer monitoring hardware system, a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, wherein the set of computer system parameters is described by a set of binary data, wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system, and wherein said scoring is performed by the computer monitoring hardware system utilizing the set of binary data as inputs to a patch control logic within the computer monitoring hardware system; determining, by the patch control logic within the computer monitoring hardware system, whether the monitored computer system is authorized to install the software patch; determining, by the patch control logic within the computer monitoring hardware system, whether the security posture value exceeds a predetermined value; and in response to the patch control logic within the computer monitoring hardware system determining that the monitored computer system is authorized to install the software patch, and in response to the patch control logic within the computer monitoring hardware system determining that the security posture value exceeds the predetermined value, retrieving and installing the software patch into the monitored computer system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer program product for managing software patches, wherein the computer program product comprises:
-
a computer readable storage media; first program instructions receive a notification of a new release of a software patch; second program instructions to score a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, and wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system; third program instructions to determine whether the monitored computer system is authorized to install the software patch; fourth program instructions to determine whether the security posture value exceeds a predetermined value; and fifth program instructions to, in response to determining that the monitored computer system is authorized to install the software patch, and in response to determining that the security posture value exceeds the predetermined value, retrieve and install the software patch into the monitored computer system; and
whereinthe first, second, third, fourth, and fifth program instructions are stored on the computer readable storage media.
-
-
20. A system comprising:
-
a processor, a computer readable memory, and a computer readable storage media; first program instructions to receive a notification of a new release of a software patch; second program instructions to score a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, and wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system; third program instructions to determine whether the monitored computer system is authorized to install the software patch; fourth program instructions to determine whether the security posture value exceeds a predetermined value; and fifth program instructions to, in response to determining that the monitored computer system is authorized to install the software patch, and in response to determining that the security posture value exceeds the predetermined value, retrieve and install the software patch into the monitored computer system; and
whereinthe first, second, third, fourth, and fifth program instructions are stored on the computer readable storage media for execution by the processor via the computer readable memory.
-
Specification