Note: In light of the AWS S3 outage in us-east-1 on February 28, 2017, let's discuss a few things. Amazon's S3 has exemplary availability. Compare that with the time and cost of maintaining package distribution yourself. It's easy to look at S3's outage and conclude that it is better to handle the responsibility yourself. In the same way, it's easy to see news of a plane crash and conclude that driving is more reliable. The feeling of control doesn't always lead to the most reliable outcome. Aptly does provide the ability to serve a repository on its own. See how to front Aptly with nginx in an emergency like the one on Tuesday February 28.
It is an unfortunate fact that many organizations do not routinely perform comprehensive software patching. At Threat Stack, we have confirmed this with our own analysis of how frequently systems are updated, and Verizon’s DIBR shows us that the most commonly exploited vulnerabilities are months or years old.
But patching is one area where following the status quo is a very bad idea. As a best practice, your organization needs a patching strategy to make sure it remains secure, and with that in mind, this post explains how you can adopt a patching strategy that suits your organization’s needs and values.