Federal patch service to stop

After a year spent helping federal agencies patch their insecure operating systems, government officials say they plan to leave that role to others.

This week, DHS officials said that the department will get out of the business of distributing security patches because the private sector is better at it than the federal government. Lawrence Hale, deputy director of the United States Computer Emergency Response Team, could not say exactly when the department would stop offering a service called Patch Authentication and Dissemination Capability (PADC). But he suggested that agencies would soon have to find commercial alternatives to the government's free service. Forty-seven federal agencies now use it.

When the federal government began planning the patch distribution service more than three years ago, Hale said that the idea of offering patch management assistance was ahead of its time. But by the time the government had awarded a contract to a company that could provide the service, other commercial alternatives had surpassed the limited offering that the government had contracted.

Many companies now sell patch management as part of an integrated configuration management service that includes vulnerability scanning, patch installation and asset management. The PADC service is for patch installation only. Agencies that use the free service buy the other services separately if they want them, but at prices that are often higher than those of the integrated commercial packages, Hale said.

General Dynamics Corp. and its Veridian Corp. subsidiary provide the government's patch management service under a $10 million contract.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected