84020 2002-11-12  00:22  /37 rader/ Crispin Cowan <crispin@wirex.com>
Importerad: 2002-11-12  00:22  av Brevbäraren
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM <BUGTRAQ@securityfocus.com>
Extern mottagare: secpapers@securityfocus.com
Mottagare: Bugtraq (import) <2340>
Ärende: Timing the Application of Security Patches for Optimal Uptime
------------------------------------------------------------
This paper has been published at the USENIX LISA 2002 conference
<http://www.usenix.org/events/lisa02/>, and is available for download
here <http://wirex.com/%7Ecrispin/time-to-patch-usenix-lisa02.ps.gz>.

         Timing the Application of Security Patches for Optimal Uptime

Steve Beattie, Seth Arnold, Crispin Cowan, Perry Wagle, and Chris Wright
            WireX Communications, Inc.  http://wirex.com
                                      and
                                Adam Shostack
                 Informed Security  http://www.informedsecurity.com

     Security vulnerabilities are discovered, become publicly known,
     get exploited by attackers, and patches come out.  When should
     one apply security patches?  Patch too soon, and you may suffer
     from instability induced by bugs in the patches.  Patch too
     late, and you get hacked by attackers exploiting the
     vulnerability.  We explore the factors affecting when it is best
     to apply security patches, providing both mathematical models of
     the factors affecting when to patch, and collecting empirical
     data to give the model practical value. We conclude with a model
     that we hope will help provide a formal foundation for when the
     practitioner should apply security updates.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
			    Just say ".Nyet"
(84020) /Crispin Cowan <crispin@wirex.com>/(Ombruten)