Over at Securosis we’ve been working on a big project (called Project Quant) with Microsoft to develop a rigorous patch management metrics model. We ended up with a 40+ page report including over a hundred metrics in a 10 phase, 40 step patch management process framework. You can read about it here. This was a community project, with participation from a bunch of different people and groups.
But, for this community, the more interesting part was the survey we conducted. We performed an open survey on patch management processes that included some of the biggest, and smallest, organizations around (and are keeping the survey open). While we released a summary analysis with the initial project report, we are now releasing the raw survey data.
This data has been anonymized, but otherwise unaltered. We had about 116 responses when I did this data dump, and keep in mind the results likely skewed towards more mature organizations (since they’d be more incented to participate). This data will be exclusive here at the Informer for one week before we release it to the broader community. The file includes the data in cvs and xls format, with an xls of summary results (the pretty charts).