nCircle Announces Patch Priority Index 2

Patch Priority Index rankings are based on nCircle's Risk Score

February 23, 2010

2 Min Read


SAN FRANCISCO, CA "February 23, 2010 " nCircle, the leader in security and compliance auditing solutions, today announced the debut of nCircle Patch Priority Index, a monthly ranking of the highest risk vulnerabilities from key vendors such as Microsoft and Adobe that adjusts to reflect how a vulnerability's risk changes over time. The free, publicly available Patch Priority Index (PPI) provides a repeatable, consistent metric that global IT security teams can use to effectively prioritize the most critical vulnerabilities.

Patch Priority Index rankings are based on nCircle's Risk Score. The nCircle Risk Score was developed over several years using data collected from hundreds of thousands of security audits and was designed to scale to very large networks. It provides a highly granular metric to facilitate true prioritization based on actual risk to the network. The Patch Priority Index contains key elements of the nCircle Risk Score, including a critical time component that is unique among scoring systems. This time component prioritizes new patches within the context of all patches previously released by a vendor within the preceding twelve months, information that is not available through other public sources.

Patch Priority Index debuts for Microsoft vulnerabilities in March. Other key vendors will follow. The Patch Priority Index will be updated regularly and is publicly available to any IT security professional.

"Security operations professionals understand that risks often aren't evaluated and fixed inside a 30 day window, said Andrew Storms, Director of Security Operations. "The nCircle PPI helps prioritize risk reduction decisions by helping evaluate new patches within the context of the bigger security picture."

"With vulnerabilities and exploits in every major enterprise software product on the rise, we believe the Patch Priority Index is an invaluable tool for every IT security team, and that's why we are sharing it with the wider global security community," notes Tim "TK" Keanini, CTO of nCircle. "The track record of the nCircle Risk Score on which it is based is excellent and was established via repeated applications at Fortune 500 networks with the most rigorous security requirements in the world," he adds.

Tyler Reguly, Lead Research Engineer, will be offering a Patch Priority Index presentation at RSA on Tuesday, March 2, at 12 pm, in booth 1023.

About nCircle nCircle is the leading provider of automated security and compliance auditing solutions. More than 4,500 enterprises, government agencies and service providers around the world rely on nCircle's proactive solutions to manage and reduce security risk and achieve compliance on their networks. nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. Additional information about nCircle is available at

nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights