Security Impact Ratings Considered Harmful

14 years 3 months ago

Download www.usenix.org

In this paper, we question the common practice of assigning security impact ratings to OS updates. Specifically, we present evidence that ranking updates by their perceived security importance, in order to defer applying some updates, exposes systems to significant risk. We argue that OS vendors and security groups should not focus on security updates to the detriment of other updates, but should instead seek update technologies that make it feasible to distribute updates for all disclosed OS bugs in a timely manner.

Jeff Arnold, Tim Abbott, Waseem Daher, Gregory Pri

Real-time Traffic

HOTOS 2009 | Operating System | OS Updates | Security Impact Ratings | Security Updates |

claim paper

Post Info
More Details (n/a)

Added	16 Aug 2010
Updated	16 Aug 2010
Type	Conference
Year	2009
Where	HOTOS
Authors	Jeff Arnold, Tim Abbott, Waseem Daher, Gregory Price, Nelson Elhage, Geoffrey Thomas, Anders Kaseorg

Comments (0)

Sciweavers

Security Impact Ratings Considered Harmful

HOTOS 2009 | Operating System | OS Updates | Security Impact Ratings | Security Updates |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers