Q

How do I create a repeatable patch testing methodology?

Patch testing is a crucial first step in patch management. Learn how to create a repeatable methodology to improve this process.

I am in the process of creating some kind of repeatable testing methodology that I can use as a test guide or confidence exercise to test patches before deploying them in my customers' live environments. Can you give me some tips that I can use? To what degree should I customize the methodology for each customer?

In my book titled Curing the Patch Management Headache, Chapter 8 is dedicated to testing. The following answer includes some excerpts from that chapter.

Some tips for testing include developing a well-defined testing process. A testing process cannot only minimize time and resources required, but also help minimize the chaotic fallout that might result if required functionality is not accounted for during the testing process, leaving critical production systems that may not operate properly after a patch is deployed.

A high level testing process includes such phases as:

  • Pre-install activities
  • Patch installation
  • Test intended purpose
  • Test primary uses
  • Test secondary uses
  • Testing patch back out
  • Approving deployment

Another tip for testing includes creating a Release Schedule that is based on the Security Priority given to each patch. For example, a patch with a Critical Priority should be implemented within 48 hours with a maximum timeframe of within two weeks. While a Low Priority patch could have a recommended timeframe of one month with a maximum timeframe of two months. Developing a release schedule will assist in ensuring that patches are installed during a required timeframe that is achievable for the organization.

As for customizing the testing methodology, the phases listed above will apply regardless of the organization; however, the procedures may vary from customer to customer depending on their environment, the tool used to deploy the patch, the availability of a lab to conduct testing and the resources that are available to spend the time necessary on preparing the patch for deployment.

This was first published in October 2006

Dig deeper on Threat management and prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close