Assessing Risks of Policies to Patch Software Vulnerabilities

Authors

  • Jaziar Radianti
  • Finn Olav Sveen
Abstract

The number of security vulnerabilities, breaches and digital disasters increases over time. One important source of weaknesses in computer networks is the ubiquitous flaws (‘bugs’) in the software, which are exploitable by malicious agents. Consequently, “patching” the software to correct known bugs is becoming more important, especially for network-based systems. However, decision makers often view this issue differently, due to the presumption that security measures are time consuming and an interruption to the primary business activities. In addition, it is considered too costly to invest in the prevention of something that might not happen. Patching often requires extensive testing and that computer networks be taken down. This work is a preliminary effort to develop a system dynamics model for showing the tradeoffs and the risks of different patching policies.


Similar resources

Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments

In recent years, vendor liability for software security vulnerabilities has been the center of an important debate in the software community and a topic gaining government attention in legislative committees and hearings. The importance of this question surrounding vendor security liability is amplified when one considers the increasing emergence of “zero-day” attacks where hackers take advanta...


Environmental health risks and vulnerability in post-conflict regions.

The importance of environmental factors during and after conflict has often not received adequate attention, and is of particular importance when assessing those groups most vulnerable to changing conditions. Post-war reconstruction and aid policies must take note of which groups are most susceptible to environmental health risks, and how the conflict itself often created new vulnerabilities th...


Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics

Known vulnerabilities which have been discovered but not patched represent a security risk which can lead to considerable financial damage or loss of reputation. They include vulnerabilities that have either no patches available or for which patches are applied after some delay. Exploitation is even possible before public disclosure of a vulnerability. This paper formally defines risk measures...


Optimizing Network Patching Policy Decisions

Patch management of networks is essential to mitigate the risks from the exploitation of vulnerabilities through malware and other attacks, but by setting too rigorous a patching policy for network devices the IT security team can also create burdens for IT operations or disruptions to the business. Different patch deployment timelines could be adopted with the aim of reducing this operational ...


Building Security In: Are Patched Machines Really Fixed?

Dozens of previously undetected software vulnerabilities are discovered in a variety of programs and systems every day. Once information about a security vulnerability becomes available to a vendor, or particularly to the public, the vendor typically is expected to provide a means of remediation promptly. A common way to do this is to patch or upgrade the software. Quick, effective remediation...


Publication date: 2006