This paper attempts to address the issue of hardening the internal security of an organisation's network by easing its patch management. Traditionally security has been modeled on a "hard outer shell" approach, with a firewall protecting the otherwise vulnerable internal network. With the advent of worms using such techniques as social engineering to bypass the organisational firewall and installing trojans, this approach is no longer sufficient. As a result of these new attacks, emphasis should be placed on improving the security of the internal network. Most research agrees that prompt patching of security vulnerabilities would significantly reduce the vulnerability of these machines. However, this requires system administrators not only to keep abreast of the flood of patches, but to ensure they are deployed to every machine, in what could be a very large network. These difficulties are worsened by problems the patches themselves often create. This is a difficult tas...