Tripwire Study: Half of IT professionals Struggle to Keep Up with Enterprise Patching

PORTLAND, Ore. – March 8, 2016 – Tripwire, Inc., a leading global provider of endpoint protection and response, security and compliance and IT operations solutions, today announced the results of an extensive study conducted by Dimensional Research and Tripwire’s Vulnerability and Exposure Research Team (VERT) on the state of enterprise patch management. The study evaluated the attitudes of over 480 IT professionals involved in patch management and assessed enterprise patch volume and installation trends.

Patch management plays a critical role in minimizing security risk for enterprise information technology systems. However, according to Tripwire’s study, half of the respondents admitted there are times their teams struggle to keep up with, or found themselves completely overwhelmed by, the volume of patches.

“The relationship between patches and vulnerabilities is far more complex than most people think,” said Tim Erlin, director of IT risk and security strategist for Tripwire. “Sometimes patches fix multiple vulnerabilities on specific platforms, but not others. There can be confusion between patches and upgrades, or patches and upgrades may address different, but overlapping sets of vulnerabilities. As the complexity of patch management continues to evolve, it has become more difficult for enterprise patch management teams to achieve and maintain a fully patched state.”

Additional findings from the study include:

  • Fifty percent of respondents believe that client-side patches are released at an unmanageable rate.
  • Fifty percent feel their IT teams don’t understand the difference between applying a patch and remediating a vulnerability.
  • At least some of the time, 67 percent said they have difficulty understanding which patch needs to be applied to which system.
  • Eighty-six percent said embedded products such as Adobe Flash patches released with Google Chrome updates make it more difficult to understand the impact of a patch.

“When we began this research, we expected patch fatigue to affect a small portion of the industry,” said Tyler Reguly, manager of Tripwire VERT. “Instead, we discovered that it is a broad, sweeping issue affecting a wide range of organizations.”

A white paper with detailed analysis of the study, trend data on security patches across major enterprise software vendors, and practical steps organizations can take to reduce patch fatigue is available here:

For more information on Tripwire VERT, please visit:


Additional Resources:
About Tripwire

Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at, get security news, trends and insights at or follow us on Twitter @TripwireInc.

Press Contacts

Ray Lapena
PR Manager