I would be interested in learning what policies are in place at other companies that dictate who is responsible for patching, and what they are responsible for patching. Recently, we've encountered problems while patching Java and .NET and my thought is that our infrastructure team should NOT be patching these since they are more application related, and thus the responsibility of the developers.
Is anyone currently segrating O.S. and application patching between different departments?
As the information security manager, I only patch manadated security updates, however, I do push some of the common service packs (MS Office, etc.). Rarely do I push anything related to windows updates, nor do I even scan for these.