Ask the Expert

How do I create a repeatable patch testing methodology?

I am in the process of creating some kind of repeatable testing methodology that I can use as a test guide or confidence exercise to test patches before deploying them in my customers' live environments. Can you give me some tips that I can use? To what degree should I customize the methodology for each customer?

    Requires Free Membership to View

In my book titled Curing the Patch Management Headache, Chapter 8 is dedicated to testing. The following answer includes some excerpts from that chapter.

Some tips for testing include developing a well-defined testing process. A testing process cannot only minimize time and resources required, but also help minimize the chaotic fallout that might result if required functionality is not accounted for during the testing process, leaving critical production systems that may not operate properly after a patch is deployed.

A high level testing process includes such phases as:

  • Pre-install activities
  • Patch installation
  • Test intended purpose
  • Test primary uses
  • Test secondary uses
  • Testing patch back out
  • Approving deployment

Another tip for testing includes creating a Release Schedule that is based on the Security Priority given to each patch. For example, a patch with a Critical Priority should be implemented within 48 hours with a maximum timeframe of within two weeks. While a Low Priority patch could have a recommended timeframe of one month with a maximum timeframe of two months. Developing a release schedule will assist in ensuring that patches are installed during a required timeframe that is achievable for the organization.

As for customizing the testing methodology, the phases listed above will apply regardless of the organization; however, the procedures may vary from customer to customer depending on their environment, the tool used to deploy the patch, the availability of a lab to conduct testing and the resources that are available to spend the time necessary on preparing the patch for deployment.

This was first published in October 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: