Upgrading network device firmware/software is a task that IT operations often avoids as much as they possibly can, given that it introduces change (and therefore risk) and it requires a highly-coordinated effort to minimize downtime. As a practice, most IT organizations try to limit FW/SW changes on their network equipment to once a year and for many it is an expensive, long and arduous process.
There are three primary factors that drive the requirement for a firmware update – first is a security vulnerability identified by a device vendor; second is the requirement to enable features that are not currently available on devices; and third is that the currently deployed version is going out of warranty with the vendor.
The security vulnerability is often the most urgent requirement which forces an IT team to plan and execute a FW/SW upgrade to minimize risk. These days security vulnerabilities are on the top of the priority list for most CIOs/CTOs. This is because high profile hacks can negatively impact a business financially, operationally and in in the eyes of the public. Any delay in addressing a known vulnerability will reflect poorly on a company, especially if it is exposed and impacts business continuity.