Patchlink security technology vice president, Chris Andrew said encrypting the vulnerability status of patched or unpatched machines is integral to stopping insiders knowing too much about the security status of the network they are using.

Andrew stressed there have been no vulnerability exploits as yet between the Patchlink agent or server, but added enterprise network vulnerability status is critical information and should ideally be protected.

"Patch management systems gather sensitive information on the network, inventory and are constantly gathering information about patch vulnerabilities. In the world of insider threats the best information is which systems on the network can be exploited, then someone can find other vulnerable systems," Andrew said.

"Many systems being patched have critical customer data and by making all communications fully encrypted we can guarantee patching is done securely. Frequently customers have become more concerned about external machines, but in 2006 the environment is changing as people are looking at threats from the inside because it has become a more important threat vector.

"We are the first patch management company licensing strong encryption for use inside our product ... we are using a Web-based delivery system to download encrypted patch data and the OEM license with RSA Security allows us to deliver encryption to all customers as a free upgrade to existing subscribers."