The steady stream of patches from leading software vendors is trying the patience of IT administrators and corporate executives, according to a panel of CSOs from leading U.S. corporations.

During a February RSA Conference in San Francisco, IT security executives agreed that better tools are needed to reduce the number of product vulnerabilities, including technology to spot holes in raw computer code and security certifications for software products.

The panel on software vulnerabilities and so-called zero day exploits brought together CSOs from Oracle, Thomson, Google and Safeway.

Executives expressed frustration with the frequency of patches from leading software vendors, including Microsoft, Oracle and others. “When new vulnerabilities come out, I feel like I’m being managed by a problem that’s not my problem but Oracle’s problem,” said Phillip Harris, vice president of information security at supermarket giant Safeway. Harris lamented the reactive nature of patch management software and called for earlier notice from software vendors and better communication about vulnerabilities. Echoing Harris’s opinion, Thomson Vice President and CSO Dennis Devlin said that no single security technology is a panacea, but that collectively, vendors could give organizations time to react to new threats.

In defense of the software vendor community, Oracle CSO Mary Ann Davidson pointed out that technology buyers also need to be more demanding customers, requiring security evaluations of finished software products and holding developers to higher standards. She argued that the federal government has a role to play in reducing the number of vulnerabilities: Government research of scanning tools for computer code could compensate for a lack of private-sector investment into that technology.