LISA 2002 - Technical Program Abstract
Timing the Application of Security Patches for Optimal Uptime
Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle,
and Chris Wright* - WireX Communications, Inc. Adam Shostack - Zero Knowledge Systems, Inc.
Pp. 233-242 of the Proceedings of LISA '02:
Sixteenth Systems Administration Conference,
USENIX Association, 2002).
Security vulnerabilities are discovered, become publicly known,
get exploited by attackers, and patches come out. When should one
apply security patches? Patch too soon, and you may suffer from
instability induced by bugs in the patches. Patch too late, and you
get hacked by attackers exploiting the vulnerability. We explore the
factors affecting when it is best to apply security patches, providing
both mathematical models of the factors affecting when to patch, and
collecting empirical data to give the model practical value. We
conclude with a model that we hope will help provide a formal
foundation for when the practitioner should apply security updates.
- View the full text of this paper in
PDF, and Postscript. Until November 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.