Managing software patch installations
First Claim
1. A computer hardware-implemented method of managing software patches, the computer hardware-implemented method comprising:
receiving, by a computer monitoring hardware system, a notification of a new release of a software patch;
scoring, by the computer monitoring hardware system, a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, wherein the set of computer system parameters is described by a set of binary data, wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system, and wherein said scoring is performed by the computer monitoring hardware system utilizing the set of binary data as inputs to a patch control logic within the computer monitoring hardware system;
determining, by the patch control logic within the computer monitoring hardware system, whether the monitored computer system is authorized to install the software patch;
determining, by the patch control logic within the computer monitoring hardware system, whether the security posture value exceeds a predetermined value;
in response to the patch control logic within the computer monitoring hardware system determining that the monitored computer system is authorized to install the software patch, and in response to the patch control logic within the computer monitoring hardware system determining that the security posture value exceeds the predetermined value, retrieving and installing the software patch into the monitored computer system;
determining, by the computer monitoring hardware system, a level of integrity and trustworthiness of data stored on a first computer system and a second computer system, wherein trusted data is deemed to have a high level of integrity and trustworthiness is determined to be accurate by a data audit, wherein accurate data correctly represent facts as ascertained by the data audit, and wherein untrusted data is deemed to have a low level of integrity and trustworthiness if coming from data that have not been formally audited; and
scheduling, by the computer monitoring hardware system, installation of the software patch in a computer system that holds the trusted data before installing the software patch in a computer system that holds the untrusted data.
Abstract
A computer hardware-implemented method, system, and/or computer program product manages software patches. A computer monitoring hardware system receives a notification of a new release of a software patch. The computer monitoring hardware system scores a security posture of a monitored computer system to generate a security posture value based on a set of computer system parameters for the monitored computer system. In response to patch control logic within the computer monitoring hardware system determining that the monitored computer system is authorized to install the software patch and that the security posture value exceeds the predetermined value, the computer monitoring hardware system retrieves and installs the software patch in the monitored computer system.
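The decision flow described in the abstract and the first claim, sketched in Python as an added example (not code from the patent). The bit layout, weights, host names and threshold are assumptions, since the page says only that the parameters are binary data that include a past history of attacks.

```python
from dataclasses import dataclass

# Assumed bit layout for the "set of binary data" describing a host.
ATTACKED_BEFORE = 0b001  # past history of attacks (named on the page)
INTERNET_FACING = 0b010  # hypothetical parameter
HOLDS_REGULATED = 0b100  # hypothetical parameter
# Assumed weights; the page does not define a scoring formula.
WEIGHTS = {ATTACKED_BEFORE: 50, INTERNET_FACING: 30, HOLDS_REGULATED: 20}


@dataclass(frozen=True)
class Host:
    name: str
    params: int         # bit flags from the layout above
    authorized: bool    # is this host authorized to install the patch?
    data_audited: bool  # True = holds trusted (audited) data


def posture_value(params: int) -> int:
    """Security posture value: weighted sum of the set parameter bits."""
    return sum(w for bit, w in WEIGHTS.items() if params & bit)


def plan_patch(hosts, threshold):
    """Return (install order, {held host: reason}) for one patch release."""
    eligible, held = [], {}
    for h in hosts:
        if not h.authorized:
            held[h.name] = "not authorized"
        elif posture_value(h.params) <= threshold:
            # "exceeds" is strict: a value equal to the threshold is held
            held[h.name] = "posture value does not exceed threshold"
        else:
            eligible.append(h)
    # Hosts holding trusted data are scheduled before hosts holding
    # untrusted data; the stable sort keeps input order within each group.
    eligible.sort(key=lambda h: not h.data_audited)
    return [h.name for h in eligible], held


# Constructed sample fleet, for illustration only.
FLEET = [
    Host("db-unaudited", 0b011, authorized=True, data_audited=False),
    Host("db-audited", 0b101, authorized=True, data_audited=True),
    Host("kiosk", 0b001, authorized=True, data_audited=True),
    Host("lab", 0b111, authorized=False, data_audited=True),
]

if __name__ == "__main__":
    print(plan_patch(FLEET, threshold=50))
```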
19 Claims
18. A computer program product for managing software patches, wherein the computer program product comprises:
a non-transitory computer readable storage media;
first program instructions receive a notification of a new release of a software patch;
second program instructions to score a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, and wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system;
third program instructions to determine whether the monitored computer system is authorized to install the software patch;
fourth program instructions to determine whether the security posture value exceeds a predetermined value;
fifth program instructions to, in response to determining that the monitored computer system is authorized to install the software patch, and in response to determining that the security posture value exceeds the predetermined value, retrieve and install the software patch into the monitored computer system;
sixth program instructions to determine a level of integrity and trustworthiness of data stored on a first computer system and a second computer system, wherein trusted data is deemed to have a high level of integrity and trustworthiness if determined to be accurate by a data audit, and wherein untrusted data is deemed to have a low level of integrity and trustworthiness if coming from data that have not been formally audited; and
seventh program instructions to schedule installation of the software patch in a computer system that holds the trusted data before installing the software patch in a computer system that holds the untrusted data; and
wherein the first, second, third, fourth, fifth, sixth, and seventh program instructions are stored on the non-transitory computer readable storage media.
19. A system comprising:
a processor, a computer readable memory, and a non-transitory computer readable storage media;
first program instructions to receive a notification of a new release of a software patch;
second program instructions to score a security posture of a monitored computer system, wherein said scoring generates a security posture value based on a set of computer system parameters for the monitored computer system, and wherein the set of computer system parameters comprises a past history of attacks on the monitored computer system;
third program instructions to determine whether the monitored computer system is authorized to install the software patch;
fourth program instructions to determine whether the security posture value exceeds a predetermined value;
fifth program instructions to, in response to determining that the monitored computer system is authorized to install the software patch, and in response to determining that the security posture value exceeds the predetermined value, retrieve and install the software patch into the monitored computer system;
sixth program instructions to determine a level of integrity and trustworthiness of data stored on a first computer system and a second computer system, wherein trusted data is deemed to have a high level of integrity and trustworthiness if determined to be accurate by a data audit, and wherein untrusted data is deemed to have a low level of integrity and trustworthiness if coming from data that have not been formally audited; and
seventh program instructions to schedule installation of the software patch in a computer system that holds the trusted data before installing the software patch in a computer system that holds the untrusted data; and
wherein the first, second, third, fourth, fifth, sixth, and seventh program instructions are stored on the non-transitory computer readable storage media for execution by the processor via the computer readable memory.
Specification