Jul 19
Masters

At the Information Security South Africa conference 2006 I published a paper arguing that our current understanding of the risks associated with monthly patch release cycles is pretty poor. This discussion is pretty important given that entities such as Gartner reckon monthly release cycles will become the new industry standard.

I basically argue that in the case of delayed (responsible) disclosure, patch schedules work well, but in the case of instantaneous (0day) disclosure none of the purported benefits, namely better-quality patches and better deployment scheduling, are accrued. I then move on to some solutions.

I think this is a really important paper and a really important discussion. Of course, I am the author so I would think that. The paper is available at:

http://singe.za.net/masters/files/issa2006/issa-2006-patch_schedule.pdf

Posted by Dominic White

Last modified on 2007-01-12 08:04
