It’s been a long few months, but I’m excited to finally announce the release of version 1.0 of the Project Quant model and report. We are also releasing our first pass at the analysis of the Project Quant survey, which included 100 responses at the time of analysis.
We really do consider this a 1.0 version of the model, and expect it to change as we get additional feedback and continue to explore the model with additional surveys, focused interviews, and other research. Please drop us any feedback here or in the forums.
The main report includes:
- Background material, assumptions, and research process overview.
- The complete Patch Management Process framework.
- The detailed metrics, which correlate with the process framework.
- Identification of key metrics.
- How to use the model.
- A lightweight version of the model, for those who don’t need the full, detailed metrics.
This version currently lacks sample use cases, and we plan on releasing those as the project continues (at 45 pages, we felt it was already long enough). We also haven’t finished the spreadsheet version of the model, and will get that out next week.
We are also releasing our first analysis report of the Project Quant open patch management survey. Due to time pressures stemming from Black Hat, we aren’t able to release the raw survey results, but will get those up next week after we return from the conference. And don’t forget, the survey is still live and we will continue to release results as we get them.
We’ve linked to the landing pages for both documents, since that’s where we will be putting updates and supplemental material (hopefully you aren’t annoyed by having to click 1 extra time to see the report). The material is being released under a Creative Commons license.
Finally, I still need to release the rest of our project communications, which are all sitting in a folder, but that too will have to wait until I get back from Black Hat.
We’d really like to thank the community of people who participated in the project, and we hope you will all continue to participate as we refine the model and advance the work.