Posthearing Questions from the September 10, 2003, Hearing on Worm and Virus Defense: How Can We Protect Our Nation's Computers From These Serious Threats?

GAO-04-173R Published: Oct 17, 2003. Publicly Released: Oct 17, 2003.

Highlights

Pursuant to a request from the Chairman, Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Reform, GAO responded to posthearing questions. At the subject hearing, GAO discussed effective patch management practices for mitigating the risks to critical information systems posed by exploits of vulnerabilities in widely used commercial software products. GAO specifically discussed the Department of Homeland Security's (DHS) Patch Authentication and Dissemination Capability (PADC). PADC is a service offered by DHS's Federal Computer Incident Response Center (FedCIRC) that provides federal agencies with information on trusted, authenticated patches for their specific technologies without charge.

Full Report

Full Report (3 pages)

Accessible Text

GAO Contacts

Robert (Bob) Dacey

Chief Accountant

Applied Research and Methods

daceyr@gao.gov

Media Inquiries

Sarah Kaczmarek

Managing Director

Office of Public Affairs

media@gao.gov

Public Inquiries

Topics

Information Security

AuthenticationHomeland securityCertification and accreditationComputer crimesComputer securityComputer virusesCrime preventionFederal computer incident response capabilityInformation security managementInformation systemsInformation systems accreditationInformation systems certificationInventoriesSoftwareSoftware verification and validationTesting