METHOD, SYSTEM AND COMPUTER PROGRAM FOR DISTRIBUTING SOFTWARE PATCHES
First Claim
1. A method for maintaining a set of software products installed on a plurality of code execution entities, the method including the steps of:
- providing a set of software patches each one for correcting at least one problem by modifying at least one software product, selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, submitting the distribution plan for execution, causing each entity to be scanned for determining the corresponding exposure to the problems, and updating the catalogue according to the result of the scanning.
1 Assignment
0 Petitions
Accused Products
Abstract
A software patch management solution (200) is proposed. The devised solution is based on the idea of automating the installation of the patches through a software distribution infrastructure. For this purpose, an automation engine (225) is added to a distribution server (110). The automation engine interfaces with a patch provider (125) acting as a proxy, which stores a local copy of the patches (210) and of a patch catalogue (215) for detecting corresponding vulnerabilities. The automation engine automatically builds a distribution plan for deploying the patches to the relevant endpoints (115), according to a vulnerability catalogue (230) that stores the actual exposures of the endpoints. The distribution plan arranges the required activities in the correct order, so as to minimize the number of rebooting of the endpoints; the distribution plan ends with an activity for scanning the endpoints, so as to update the vulnerability catalogue accordingly.
47 Citations
10 Claims
-
1. A method for maintaining a set of software products installed on a plurality of code execution entities, the method including the steps of:
-
providing a set of software patches each one for correcting at least one problem by modifying at least one software product, selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, submitting the distribution plan for execution, causing each entity to be scanned for determining the corresponding exposure to the problems, and updating the catalogue according to the result of the scanning. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program in a computer readable medium for maintaining a set of software products installed on a plurality of code execution entities, comprising:
-
means for providing a set of software patches each one for correcting at least one problem by modifying at least one software product, means for selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, means for building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, means for submitting the distribution plan for execution, means for causing each entity to be scanned for determining the corresponding exposure to the problems, and means for updating the catalogue according to the result of the scanning.
-
-
10. A system for maintaining a set of software products installed on a plurality of code execution entities, comprising:
-
means for providing a set of software patches each one for correcting at least one problem by modifying at least one software product, means for selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, means for building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, means for submitting the distribution plan for execution, means for causing each entity to be scanned for determining the corresponding exposure to the problems, and means for updating the catalogue according to the result of the scanning.
-
Specification