Timing the Application of Security Patches for Optimal Uptime
From: Crispin Cowan (crispin@wirex.com)Date: 11/10/02
- Previous message: Sharad Ahlawat: "Re: Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 10 Nov 2002 08:11:39 -0800 From: Crispin Cowan <crispin@wirex.com> To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>, secpapers@securityfocus.com
This paper has been published at the USENIX LISA 2002 conference
<http://www.usenix.org/events/lisa02/>, and is available for download
here <http://wirex.com/%7Ecrispin/time-to-patch-usenix-lisa02.ps.gz>.
Timing the Application of Security Patches for Optimal Uptime
Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, and Chris Wright
WireX Communications, Inc. http://wirex.com
and
Adam Shostack
Informed Security http://www.informedsecurity.com
Security vulnerabilities are discovered, become publicly known, get
exploited by attackers, and patches come out. When should one apply
security patches? Patch too soon, and you may suffer from
instability induced by bugs in the patches. Patch too late, and you
get hacked by attackers exploiting the vulnerability. We explore
the factors affecting when it is best to apply security patches,
providing both mathematical models of the factors affecting when to
patch, and collecting empirical data to give the model practical
value. We conclude with a model that we hope will help provide a
formal foundation for when the practitioner should apply security
updates.
Crispin
-- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html Just say ".Nyet"
- Previous message: Sharad Ahlawat: "Re: Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
