Open Patch Management Survey

securosis[1] If you are involved in Patch Management, I’d like to ask for your help and participating in Project Quant. 

Since launching in April, we’ve made some good progress in developing a high level patch cycle and have had some great participation on the forums in exploring the details of the functional elements.

Now we are at a stage where we want to gather information in the context of the Patch Cycle that the community is starting to build consensus around and with that in mind, we’ve launched an open survey at which we’d love to have your partcipation with.  [NOTE:  The survey was developed openly too and you can see the forum discussions if you are interested.]

The goal is to gain an understanding of what people are really doing with regards to patch management, to better align the metrics model with real practices.  We’re doing something different with this survey. All the results will be made public.  We don’t mean the summary results, but the raw data (minus any private or identifiable information that could reveal the source person or organization).  Once we hit 100 responses we will release the data in spreadsheet formats.  Then, either every week or for every 100 additional responses, we will release updated data. We don’t plan on closing this for quite some time, but as with most surveys we expect an initial rush of responses and want to get the data out there quickly.  As with all our material, the results will be licensed under Creative Commons.

We will, of course, provide our own analysis, but we think it’s important for everyone to be able to evaluate the results for themselves.  All questions are optional, but the more you complete the more accurate the results will be.  In two spots we ask if you are open for a direct interview, which we will start scheduling right away. Please spread the word far and wide, since the more responses we collect, the more useful the results.

If you fill out the survey as a result of reading this blog post, please use JJBLOG as the registration code. This is optional and won’t affect the results, but we think it might be interesting to track how people found the survey, and which social media channels are more effective.

As with the rest of this project, the results will be up at

Best regards and thanks, Jeff

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »