The Community for Technology Leaders
Green Image
Issue No. 05 - September/October (2009 vol. 7)
ISSN: 1540-7993
pp: 82-85
Tadayoshi Kohno , University of Washington
Matt Bishop , University of California, Davis
Ryan W. Gardner , Johns Hopkins University
ABSTRACT
Updating and patching has become a ubiquitous part of software maintenance, with particular importance to security. It's especially crucial when the systems in question perform vital functions and security compromises might yield drastic consequences. Unfortunately, updates intended to remediate security problems are sometimes incomplete, are flawed, or introduce new vulnerability themselves. The authors present several examples of such instances in a widely used electronic voting system, a device for which security is critical. A central lesson of the study is that evaluating a system's security by examining changes between revisions is insufficient; you must evaluate and analyze the system as a whole.
INDEX TERMS
patching, updates, integrity, electronic voting, security & privacy
CITATION
Tadayoshi Kohno, Matt Bishop, Ryan W. Gardner, "Are Patched Machines Really Fixed?", IEEE Security & Privacy, vol. 7, no. , pp. 82-85, September/October 2009, doi:10.1109/MSP.2009.116
99 ms
(Ver )