September 22, 2022

Libelle IT Glossary Part 16: What is a Patch?

Author: Henning Mälzer

Regular patch updates are especially important for companies in times of cybercrime and hacker attacks. Those who underestimate this offer criminals a perfect attack surface.

Hackers and cyber criminals work daily to find security vulnerabilities and abuse them for their own purposes. Detected vulnerabilities are used to spread malware, to deliberately infect companies with Trojans and the like, and to steal data.

There are various ways to reduce the risk of such attacks. Alongside a disaster recovery concept, a patch management process is a complementary way to protect yourself as well as possible.

What exactly is a patch?

A patch is an update for software. It makes corrections and/or closes security gaps. Such software patches are sometimes implemented without informing users or are only designated as necessary updates.

At the end of 2021, one such critical vulnerability became known in the Java library Log4j. The German Federal Office for Information Security (BSI) classified the threat from this vulnerability as highly critical for several weeks. (Source)

Log4j affected and continues to affect numerous companies and especially software vendors. They reacted with patches and workarounds for their software solutions to close the vulnerability.

Current brief information about Log4j is available here: Apache log4j: Vulnerability allows code execution (as of 09.06.2022).

Which patch types are there?

Basically, there are four different patch types:

  • Bugfix:
    Fixing technical errors in the program source code
  • Hotfix or critical patch update:
    Immediate bug fix for serious problems, which is applied in the application program
  • Security patch:
    Correction that closes security vulnerabilities
  • Update:
    Update that includes feature enhancements and/or bug fixes

Continuous further development

Especially in the software sector, continuous further development is important, and not only with regard to cybercrime. New customer requirements must be answered, if possible even before the competition does so. In the case of updates and bug fixes, extensive testing is necessary before release to ensure that everything runs smoothly. Patch management is therefore an important part of further development.

After the test phase, bug fixes and updates in the form of new features are collected and released in a new version of the software. Companies usually use a fixed date for this, a so-called "patch day" or release day. On this date, patches such as bug fixes and new features are released on a monthly or weekly basis.
Time-critical security patches or hotfix/critical patches are applied to individual installations.

We at Libelle IT Group are constantly developing our software. We use our releases to respond to new customer needs as well as bugs. With the help of test management, these are thoroughly tested and then released.

Do you work in IT or are you interested in IT-related topics? Then feel free to visit our blog for more topics and follow us on LinkedIn.
