Issue No. 05 - September/October (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.116
Tadayoshi Kohno , University of Washington
Matt Bishop , University of California, Davis
Ryan W. Gardner , Johns Hopkins University
Updating and patching has become a ubiquitous part of software maintenance, with particular importance to security. It's especially crucial when the systems in question perform vital functions and security compromises might yield drastic consequences. Unfortunately, updates intended to remediate security problems are sometimes incomplete, are flawed, or introduce new vulnerability themselves. The authors present several examples of such instances in a widely used electronic voting system, a device for which security is critical. A central lesson of the study is that evaluating a system's security by examining changes between revisions is insufficient; you must evaluate and analyze the system as a whole.
patching, updates, integrity, electronic voting, security & privacy
Tadayoshi Kohno, Matt Bishop, Ryan W. Gardner, "Are Patched Machines Really Fixed?", IEEE Security & Privacy, vol. 7, no. , pp. 82-85, September/October 2009, doi:10.1109/MSP.2009.116