Patches: What to Do, and How to Do It

If our objective is to establish an efficient flow for patching and correcting flaws, the first thing to keep in mind is that patching systems is not the same as patching applications or services, and the implications can be very different (and of very different degrees of severity). These patches are separated at the technical level because of the intrinsic characteristics of each, and the patch application cycles for these elements have to be treated differently. The idea is to automate and streamline the process. Once this is accomplished, a robust inventory must be drawn up, and it must always be attended to and kept up to date.

We should begin by designing a work cycle specifically tailored to our system’s needs. Within this cycle we can use many tools that help us automate the process and streamline the flow. But we should keep in mind that not even the most sophisticated of methods will completely eliminate the manual phases of the flow.

To generate a correct flow of security patch implementation, we can identify several phases: the detection of systems, services and applications, and the versioning of the software; the evaluation of the risk and the determination of the best way to carry out said evaluations; and the correction of policies according to the type of patch and classification of the risk.

Source: Panda Security