USENIX Conference Policies
Timing the Application of Security Patches for Optimal Uptime
Security vulnerabilities are discovered, become publicly known, get exploited by attackers, and patches come out. When should one apply security patches? Patch too soon, and you may suffer from instability induced by bugs in the patches. Patch too late, and you get hacked by attackers exploiting the vulnerability. We explore the factors affecting when it is best to apply security patches, providing both mathematical models of the factors affecting when to patch, and collecting empirical data to give the model practical value. We conclude with a model that we hope will help provide a formal foundation for when the practitioner should apply security updates.
BibTeX
@inproceedings {270495,
author = {Steve Beattie and Seth Arnold and Crispin Cowan and Perry Wagle and Chris Wright and Adam Shostack},
title = {Timing the Application of Security Patches for Optimal Uptime},
booktitle = {16th Systems Administration Conference (LISA 02)},
year = {2002},
address = {Philadelphia, PA},
url = {https://www.usenix.org/conference/lisa-02/timing-application-security-patches-optimal-uptime},
publisher = {USENIX Association},
month = nov
}
author = {Steve Beattie and Seth Arnold and Crispin Cowan and Perry Wagle and Chris Wright and Adam Shostack},
title = {Timing the Application of Security Patches for Optimal Uptime},
booktitle = {16th Systems Administration Conference (LISA 02)},
year = {2002},
address = {Philadelphia, PA},
url = {https://www.usenix.org/conference/lisa-02/timing-application-security-patches-optimal-uptime},
publisher = {USENIX Association},
month = nov
}