Federal patch service to stop

After a year spent helping federal agencies patch their insecure operating systems, government officials say they plan to leave that role to others.

This week, DHS officials said that the department will get out of the business of distributing security patches because the private sector is better at it than the federal government. Lawrence Hale, deputy director of the United States Computer Emergency Response Team, could not say exactly when the department would stop offering a service called Patch Authentication and Dissemination Capability (PADC). But he suggested that agencies would soon have to find commercial alternatives to the government's free service. Forty-seven federal agencies now use it.

When the federal government began planning the patch distribution service more than three years ago, Hale said that the idea of offering patch management assistance was ahead of its time. But by the time the government had awarded a contract to a company that could provide the service, other commercial alternatives had surpassed the limited offering that the government had contracted.

Many companies now sell patch management as part of an integrated configuration management service that includes vulnerability scanning, patch installation and asset management. The PADC service is for patch installation only. Agencies that use the free service buy the other services separately if they want them, but at prices that are often higher than those of the integrated commercial packages, Hale said.

General Dynamics Corp. and its Veridian Corp. subsidiary provide the government's patch management service under a $10 million contract.

Featured

  • FCW Perspectives
    remote workers (elenabsl/Shutterstock.com)

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected