Skip to Highlights

Pursuant to a request from the Chairman, Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform, GAO responded to posthearing questions. At the subject hearing, GAO discussed effective patch management practices for mitigating the risks to critical information systems posed by exploits of vulnerabilities in widely used commercial software products. GAO specifically discussed the Department of Homeland Security's (DHS) Patch Authentication and Dissemination Capability (PADC). PADC is a service offered by DHS's Federal Computer Incident Response Center (FedCIRC) that provides federal agencies with information on trusted, authenticated patches for their specific technologies without charge.

Full Report

GAO Contacts