The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks C specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches.
Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?
A . The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks.
B . The third party patch may introduce additional unforeseen risks and void the software licenses for the patched applications.
C . The company’s patch management solution only supports patches and updates released directly by the vendor.
D . Another period of vulnerability will be introduced because of the need to remove the third party patch prior to installing any vendor patch.
Answer: A
Leave a Reply