Sciweavers

HOTOS
2009
IEEE

Security Impact Ratings Considered Harmful

13 years 7 months ago
Security Impact Ratings Considered Harmful
In this paper, we question the common practice of assigning security impact ratings to OS updates. Specifically, we present evidence that ranking updates by their perceived security importance, in order to defer applying some updates, exposes systems to significant risk. We argue that OS vendors and security groups should not focus on security updates to the detriment of other updates, but should instead seek update technologies that make it feasible to distribute updates for all disclosed OS bugs in a timely manner.
Jeff Arnold, Tim Abbott, Waseem Daher, Gregory Pri
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2009
Where HOTOS
Authors Jeff Arnold, Tim Abbott, Waseem Daher, Gregory Price, Nelson Elhage, Geoffrey Thomas, Anders Kaseorg
Comments (0)