In this paper we quantitatively evaluate dependability/ security of a computer-based system subject to Denial of Service (DoS) attacks. More specifically, we develop two semi-Markov models for describing the stochastic behavior of systems with different security patch release strategies. The optimal security patch management policies are then formulated and analytically derived to maximize the steadystate system availability. We further perform the sensitivity analysis of model parameters through numerical experiments and refer to the effectiveness of our preventive patch management policies.