Issue No.05 - September/October (2009 vol.7)
Ryan W. Gardner , Johns Hopkins University
Matt Bishop , University of California, Davis
Tadayoshi Kohno , University of Washington
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.116
Updating and patching has become a ubiquitous part of software maintenance, with particular importance to security. It's especially crucial when the systems in question perform vital functions and security compromises might yield drastic consequences. Unfortunately, updates intended to remediate security problems are sometimes incomplete, are flawed, or introduce new vulnerability themselves. The authors present several examples of such instances in a widely used electronic voting system, a device for which security is critical. A central lesson of the study is that evaluating a system's security by examining changes between revisions is insufficient; you must evaluate and analyze the system as a whole.
patching, updates, integrity, electronic voting, security & privacy
Ryan W. Gardner, Matt Bishop, Tadayoshi Kohno, "Are Patched Machines Really Fixed?", IEEE Security & Privacy, vol.7, no. 5, pp. 82-85, September/October 2009, doi:10.1109/MSP.2009.116