Periodical release of software patches

Apple issues patches approximately every month. Microsoft has decided to go with a strict second-Tuesday-of-each-month patch-release schedule. Oracle does the same thing on a quarterly schedule. Evidence is there. All of these, again, show that the importance of patch management. In December 2004, I have presented my work titled "Security Patch Management Can’t Live with it, Can’t Live Without it" in WITS 2004. In that paper, I and my coauthors Huseyin Cavusoglu and Jun Zhang from Tulane University investigated the periodical release and update policy for the software security patches. We have showed that due to different interests of software vendors and users, we can not reach a socially optimal patch management process unless there is some sort of a coordination mechanism. We also showed that cost sharing or liability can achieve the coordination. More information on WITS 2004, go to its website.