Security vulnerabilities are discovered, become publicly known, get exploited by attackers, and patches come out. When should one apply security patches? Patch too soon, and you may suffer from instability induced by bugs in the patches. Patch too late, and you get hacked by attackers exploiting the vulnerability. We explore the factors affecting when it is best to apply security patches, both providing mathematical models of those factors and collecting empirical data to give the model practical value. We conclude with a model that we hope will help provide a formal foundation for when the practitioner should apply security updates.