Security consulting firm Securosis is spearheading a new effort to create metrics to quantify the cost and efficiency of an organization’s patching process. The metrics model will cover everything in the patch management process, from monitoring software for updates to installing the patches. Microsoft’s Jeff Jones, a director in Microsoft’s Trustworthy Computing Group, says the goal is to offer metrics that are consumable for business decision-makers. The model will be a spreadsheet-type model, where organizations can plug in numbers and rate their efficiencies and costs.”]
Source: https://www.darkreading.com/analytics/open-source-metrics-on-tap-for-security-patch-management