Security & DevSecOps Practical By Samson Tanimawo, PhD Published Jan 29, 2026 4 min read

Vulnerability Patching Policy

Patches arrive constantly. The policy.

By severity

Critical: 7 days. High: 30 days. Medium: 90 days.

SLAs documented.

Test

Patches in staging first. Production by SLA.

Process gated.

Emergency

Active exploitation: 24-48 hour fast-track.

Documented; bypassable when justified.