The authenticity of a patch to a business-critical software package has been verified. From a
security point of view, what should happen next?

A.
Wait before installing the patch. If after some time there are no signs that the patch causes
adverse effects at other installations, install it on the live system.

B.
Trust the vendor. Apply the patch immediately to the live system in order to prevent critical
vulnerabilities being exploited.

C.
Consider the technical and business impact of applying or of not applying the patch. Test the
patch on a pre-production system, and if the results are acceptable, apply it to the live systems.

D.
Wait before installing the patch. If there has been no impact to your system to date, you can
ignore it even if you are using the affected component.