Few are satisfied with their existing processes and risk levels. One problem is that many patch management reference documents are available; yet none provide specific guidance for industry needs.