This is an episode about the havoc wrought by the virus W32/SQL.Slammer, sometimes referred to as the Sapphire worm. The worm was a weaponization of the vulnerability presented to the public more than 6 months before the worm started taking down networks far and wide. Why wasn’t the patch deployed? Why did it cause so much havoc? Why haven’t we seen anything quite like it since?

This event, along with the other worms of this era, caused a re-examination of the priority of patching and other enterprise security practices. From the demands that vendors release patches on a more timely schedule, to patching automation, and the practice of scanning and auditing for known vulnerabilities - this was an important step in the maturity of the practice of information security.