Method, system and computer program for distributing software patches

Assignee

• International Business Machines Corporation · US

Inventors

• Enrica Alberti · Roma, IT
• Mauro Arcese · Roma, IT
• Gianluca Bernardini · Roma, IT
• Rosario Gangemi · Lavinio, IT
• Luigi Piciietti · Roma, IT

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F8/65
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A software patch management solution is proposed. The devised solution is based on the idea of automating the installation of the patches through a software distribution infrastructure. An automation engine is added to a distribution server. The automation engine interfaces with a patch provider acting as a proxy, which stores a local copy of the patches and of a patch catalogue for detecting corresponding vulnerabilities. The automation engine automatically builds a distribution plan for deploying the patches to the relevant endpoints, according to a vulnerability catalogue that stores the actual exposures of the endpoints. The distribution plan arranges the required activities in the correct order, to minimize the number of rebooting of the endpoints; the distribution plan ends with an activity for scanning the endpoints, to update the vulnerability catalogue accordingly.