Software Maintenance

Software maintenance is an important component of the software development life cycle (SDLC), as it is the phase that ensures that updates are performed in a timely and complete manner and that software remains current and useful. Such maintenance includes the installation of patches (patch management) as well as other changes (change management) to address system or technology modifications that could affect the functionality and security of the software.

Patch management is the process by which updates to software are identified, implemented, and tested. Patches are generally provided by the software vendor, with some vendors issuing patches on specific days of the week (e.g., Patch Tuesday). The failure to implement patches results in systems that are not as secure as they could be, given known vulnerabilities for which solutions (i.e., patches) have been developed and delivered.

Check Your Knowledge

Choose the best answer to each question:

Question 1
Which of the following statements is true about software maintenance?
It is the part of the software development life cycle (SDLC) that takes the least amount of overall project time.
It is the part of the software development life cycle (SDLC) in which documentation is completed.
It is not a mandatory part of the software development life cycle (SDLC).
It is usually affected by the lack of up-to-date documentation.
Question 2
Due diligence is important to the software development life cycle (SDLC) and is supported by which of the following?
missing security policy documents
no separation of duties
systems current with patch management processes
none of the above
Question 3
Information technology (IT) professionals who document all of the changes made to a system and control updates and maintenance are likely responsible for which of the following?
security control management
change management
document management
program management
Question 4
When a hacker can penetrate a company's system through a zero-day exploit (ZDE), what is likely to be true in the organization?
The organization has a strong defense-in-depth system.
The hacker read about the company's vulnerabilities.
The company has limited defensive measures and limited monitoring of unusual activity.
All of the above are likely to be true.