About two weeks ago I was interviewed by a reporter with SearchWinIT.com on the state of patch management and how Microsoft's policies affected the success of the DST patch push. That article was posted recently to this web site: http://searchwinit.techtarget.com/originalContent/0,289142,sid1_gci1248951,00.html.

From most people I talked with, the key factor in getting the DST patches deployed correctly was a strict adherence to Microsoft's occasionally shifting requirements. Also, and this relates both to the DST patch as well as any patch, my feeling was that those companies that delayed any patching for DST unti the last minute got the best end of the bargain because they could montior for others' issues and alter their strategy to suit.

The author did a pretty good job of paraphrasing my comments from the call, but the comment I like the most (because I really believe it) is this:

One of my answers on how to improve patching -- and one I get a lot of flak for -- is don't be an early adopter of the patches. Let other people find out where the problems are, and then patch. Of course, there is an asterisk [next] to that, and it is that you should have additional protection for your network, something at the perimeter. If you have the right protection, you can wait a week and see where others had problems before you do anything.

Any comments on that one? Do you agree? Let us know!