Every week, it seems, a new onslaught of malicious code threatens to breach corporate networks. And patch management—keeping users up-to-date and protected—stretches already limited IT resources and requires constant staff vigilance.

Software vendors themselves are much to blame for this problem, says Tunay Tunca, assistant professor of operations, information, and technology at the Stanford graduate school of business. "Because applying patches is often difficult and time-consuming, users accrue unnecessary costs," he says. Tunca advises software vendors to spend the time and money up front to produce reliable, easy-to-install protection programs and make them readily available to users.

In a recent study, Tunca developed mathematical models to determine alternative patch strategies and find ways for users to update software more seamlessly. One solution is to offer rebates on future software purchases to companies that maintain exceptional patch management. Others include mandating patching as part of a user-contract agreement, and applying government taxes or penalties for consistently vulnerable software. These options may turn off users or increase software costs, Tunca acknowledges.

The best option is for software vendors to be proactive in patch management. "Spending resources on creating good remedies pays off and benefits everyone involved," Tunca says.—Derek Top

Metro Group Measures RFID Gains, Shows New-Generation Chips

Metro Group, the German RFID pioneer in the retail industry, has some new data to justify its supply-chain tracking efforts. Based on a just-completed study it conducted with Procter & Gamble and IBM, the hypermarket company says it has saved more than 8.5 million euros ($10 million) annually at the sales division of its Cash & Carry and distribution warehouses thanks to its RFID and EDI technologies.

This is in line with expectations, Gerd Wolfram, managing director of Metro Group Information Technology GmH, told Optimize. It's especially positive news since the company is in the early phases of its planned implementation: So far, just two of 11 process stages have been analyzed and quantified at 22 locations, he said. The technology has helped Metro accelerate time-consuming standard processes in the incoming-goods portion of its business.

Manufacturers also benefit by using the tags, Wolfram said, since a total of 16 seconds per pallet can be saved in order picking—which means reduced logistics costs, faster handling of incoming goods, and shorter waiting time for delivery trucks.

This year, Wolfram added, Metro is introducing its Generation 2 RFID transponder chips, which will improve reading precision on cartons of merchandise, not just on pallets. An innovator in this area, the company will roll out the chips as tests prove successful and its partners demonstrate a willingness to adopt them. The technology is still in the early stages, Wolfram said, but Metro is becoming more "confident and proficient" in its designs.—Paula Klein