PADC shortcomings hinder free patch service

Limits on capabilities and available licenses have kept federal agencies from using the free Patch Authentication and Dissemination Capability offered by the Federal Computer Incident Response Center, according to the General Accounting Office.

'PADC is but one of a variety of available services and automated tools, and does not include important features that are available in other services and products,' said Robert F. Dacey, GAO's director of information security.

Dacey's comments came in response to inquiries from the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

Subcommittee members last month raised questions about why government computers remain vulnerable to worms and viruses.

PADC tests and validates vendors' security patches, notifies government subscribers of the patches and provides a secure link for downloading them. Although 47 agencies have subscribed to the service, the Office of Management and Budget has said actual use is low.

'FedCIRC officials have acknowledged limitations to the PADC service,' Dacey said in a written reply to the subcommittee. Because of budget constraints, only 2,000 accounts are available governmentwide, and FedCIRC cannot offer many agencies enough subscriptions to serve their full needs.

In addition, PADC makes only relevant patches securely available. Commercial patch management tools and services can deploy patches across networks and verify that they have been successfully installed.

'Because of PADC's limitations, an official from one agency told us that his agency has decided not to subscribe to the free service and instead use other methods and tools to perform patch management,' Dacey wrote.

FedCIRC's parent, the Homeland Security Department, is considering expanding PADC's capabilities and the number of subscriptions available. Until that happens, use of PADC probably should not be required, Dacey said.

About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected