Securosis and Microsoft have teamed up and released an Open Patch Management Metrics Model. The purpose of this model is to “provide organizations with a tool to better understand their patching costs.” The model also has ten steps with multiple substeps to help guide an organization through a patch management process framework.
The document can be found on the Securosis website. More information will be released as the model matures and additional organizations contribute to the research. Let the ITKE community know your thoughts on this model and if the metrics are meaningful to your organization.
For myself, I think that the metrics would be good to gather but would be a challenge to maintain when we are always being challenged to do more with less.
Thanks for reading & let’s continue to be good network citizens!