Why patch management is an art, not a science

Malware exists to exploit vulnerabilities discovered in software. Patches exist to fix those vulnerabilities. So why do so many vulnerabilities remain unpatched? Why is patch management so complicated?

Read my column at SecurityIntelligence.

Sadly, security and IT professionals don’t live in a patch-everything-right-away fantasy land. Trade-offs and compromises are dictated by the conflicting priorities and interests within large organizations. People have cognitive biases that prevent them from acting rationally. And not all patches are created equal.

Patch management is very important, and very difficult. Let's face it. Patch management is an art.