Government's patching system seen as poor

Federal agencies are doing a poor job of keeping their computers up to date with the latest security patches, according to a recent report.

Declan McCullagh Former Senior Writer

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

See full bio

Declan McCullagh

June 3, 2004 8:18 a.m. PT

Federal agencies are doing a poor job of keeping their computers up to date with the latest security patches, government auditors reported Wednesday. An analysis from the General Accounting Office says that only four of 24 agencies "monitor all of their systems on a regular basis" to spot computers that need upgrades, and two agencies did not know how to "verify that remote users" have received the latest updates.

The Department of Homeland Security's Federal Computer Incident Response Center once offered agencies a way to obtain information about patches--until that service was discontinued in February "because of low levels of usage" and "negative agency feedback on the usefulness of the service," the auditors said. They recommended that the White House revive the program and require more detailed reporting about how agencies are handling the process of patching their systems to protect against threats like Nimda and Slammer.