Dubbed "Patch Priority Index," nCircle's scoring system is not meant to replace the security update guidance that a company like offers, said Andrew Storms, nCircle's director of security operations. But for patches issued by other firms, such as Adobe and , the index will bring some of Microsoft's benchmark-setting practices to fixes that currently aren't ranked.

"For Adobe, which generally just uses one sentence to describe each vulnerability it's patching, it's all or nothing, either download and install it, or don't," Storms said, referring to that company's lack of any ranking or rating system to help users prioritize patches.

nCircle's index will start prioritizing Adobe's patches in April, when Adobe delivers its next regularly-scheduled set of security updates for its PDF viewing and editing software, Reader and Acrobat.

"There's a deluge of patches," said Storms. "This has everything to do with prioritization and resources. But we've always been focused on today," he said, pointing out that Microsoft's patch advice only concerns the updates issued that month. "They're just using a month's timeframe to tell you what's most important, but [our index] will include the entire 12 trailing months because we recognize that many can't get their patches out within 30 days, or even 60.

"Our idea is that while today is important and the patches should be reviewed, it's often more important that you're caught up," said Storms.