August 2007

OMAC: MS MUG gets serious with security patches

Since security is a major issue for users, organizations are continually trying to install patches as quickly as possible. And since quite a few applications manufacturers use are mission critical, users are reluctant to install patches before the software vendors have provided some assurance security patches will not adversely affect the applications. That is why the OMAC Microsoft Manufacturing User Group (MS MUG) has chartered MUGPatch, a subgroup of the MS MUG, to develop a standard way for vendors to provide responses to Microsoft security patches.

Some topics include vocabulary, finding a way to send vendor results to users, standard format for information from vendors, and agreement on when vendors will send data.
 
The MUGPatch subgroup is working with the ISA99 committee on manufacturing and control system security and plans to release the final work in a technical report as part of the ISA99 work. Software vendors need to test to fully report on what affects the Microsoft security patch will have on their software. The end user must weigh pros and cons of installing or not installing the security patch. The user needs to take data on the security patch from Microsoft and all software vendors involved on a given application to make an intelligent decision. Having timely and consistent data, even if incomplete, is critical for the end user. MUGPatch is striving to develop a methodology to help streamline this critical decision making process for users.
 
For more on the MS MUG and the MUGPatch subgroup, visit www.omac.org/msmug. You can join the MUGPatch e-mail group from the OMAC MS MUG website.

—David Bauman is OMAC’s technical director in Fort Wright, Ky.