Tuesday, May 10, 2005

Periodical release of software patches

Apple issues patches approximately every month. Microsoft has decided to go with a strict second-Tuesday-of-each-month patch-release schedule. Oracle does the same thing on a quarterly schedule. Evidence is there. All of these, again, show the importance of patch management. In December 2004, I presented my work titled "Security Patch Management Can’t Live with it, Can’t Live Without it" at WITS 2004. In that paper, my coauthors Huseyin Cavusoglu and Jun Zhang from Tulane University and I investigated the periodical release and update policy for software security patches. We showed that, due to the different interests of software vendors and users, we cannot reach a socially optimal patch management process unless there is some sort of coordination mechanism. We also showed that cost sharing or liability can achieve the coordination. For more information on WITS 2004, go to its website.

Friday, May 06, 2005

Next-Generation Security Software can publish the details, Sybase says

Next-Generation Security Software found six flaws last year in the database maker's products. After NGSSoftware had been scheduled to release its detailed advisories on 22 March, Sybase started a legal fight to stop NGSSoftware from publishing the details, on the basis of a material breach of the ASE Developer Edition's license agreement. But there is a happy ending to this confrontation, as Sybase is dropping its legal threat against NGSSoftware. NGSSoftware has announced that "NGSSoftware believes we have solved the issues with Sybase, and we are working on a joint announcement".

Monday, May 02, 2005

Data on 200,000 customers may be missing: Ameritrade

Account information of up to 200,000 customers of Ameritrade may have been stolen as a result of a recent incident in which a package containing tapes with back-up information on customer accounts went missing. This once again raises concerns regarding the security of backup tapes.