With so many applications able to check for and install updates with little or no user intervention, it is all too easy to become complacent and assume that all needed patches are in place. The key word in security patch management is management; an application that is depended upon to make its own decisions regarding patch acquisition is considered unmanaged and falls outside the scope of most security patch management policies. The intent of having a security patch management policy in place is to ensure that all patchable operating systems and programs are at the highest patch level possible, which decreases the risk of downtime for individual computer systems or the network in general.
Without using a security patch management tool, the only assurance that all machines connected to your network are updated is an assumption based on the fact that the systems were configured to automatically download and install patches when they were newly deployed. There is no statistical evidence to prove what has been patched and to what level; most policies are audited periodically, and without security patch management being controlled by a specialty server that deploys patches and generates reports, there would be no way to establish that the IT department is following procedure.
Hence, the implementation of a security patch management system is a wise choice for most businesses. Even an open-source, no-cost application is better than the cross-your-fingers method of security patch management. Being certain that all systems are patched by security patch management makes certain that each machine is secure, that the corporate network is safe, and that the IT staff has a way of demonstrating that the computers they manage are indeed compliant with corporate policy. Security patch management plays a small but vital role in the overall security scheme for a corporate network.