GSA awards patch system contract

FedCIRC

Related Links

"Patch it up"

The General Services Administration this month awarded Veridian Corp. a contract to develop a system that will deliver specific software security patches to agencies that need to plug holes in their systems.

The patch dissemination system is expected to help prevent the large number of network intrusions caused by known vulnerabilities and security weaknesses for which vendors have already issued patches, according to GSA officials.

The service, managed by GSA's Federal Computer Incident Response Center and free to all civilian agencies, is expected to be available in February 2003, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at GSA.

Agencies will submit a profile of the systems and software on their network, so Veridian knows what patches they need. As new security problems are discovered, Veridian will advise agencies on what steps to take until the patch is available and will test the effectiveness of the patch before disseminating it, officials said.

It is very important that "someone is going to test the patches and provide authoritative feedback on what might break," said Alan Paller, director of research at the SANS Institute. Without that assurance, many agency officials would likely not apply patches simply because they would not want to take the chance that another critical system could be affected, he said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.