Go ahead and ignore Patch Tuesday – it might improve your security

Patch Tuesday has rolled around again, but if you don't rush to implement the feast of fixes it delivered, your security won't be any worse off in the short term – and may improve in the future.

That's the opinion of Craig Lawson, a Research Vice President at analyst Gartner, who on Wednesday told the firm's Infrastructure, Operations & Cloud Strategies Conference: "Nobody has ever out-patched threat actors at scale."

We are not in the age of industrialized vulnerability exploitation

Lawson said he has discussed patching with hyperscalers, banks, retailers, and government agencies. None told him they were able to stay on top of patching.

The analyst thinks most organizations therefore can't understand their level of "threat debt" – a measure of technical debt focused on known but unfixed security exposures – but wrongly think accelerating patching efforts is the way to reduce it.

Lawson thinks that's ...