Method, system and computer program for distributing software patches

Assignee

• International Business Machines Corporation · US

Inventors

• Enrica Alberti · Roma, IT
• Mauro Arcese · Roma, IT
• Gianluca Bernardini · Roma, IT
• Rosario Gangemi · Lavinio, IT
• Luigi Pichetti · Partinico, IT

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F8/65
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A software patch management solution (200) is proposed. The devised solution is based on the idea of automating the installation of the patches through a software distribution infrastructure. For this purpose, an automation engine (225) is added to a distribution server (110). The automation engine interfaces with a patch provider (125) acting as a proxy, which stores a local copy of the patches (210) and of a patch catalogue (215) for detecting corresponding vulnerabilities. The automation engine automatically builds a distribution plan for deploying the patches to the relevant endpoints (115), according to a vulnerability catalogue (230) that stores the actual exposures of the endpoints. The distribution plan arranges the required activities in the correct order, so as to minimize the number of rebooting of the endpoints; the distribution plan ends with an activity for scanning the endpoints, so as to update the vulnerability catalogue accordingly.