IIEEE Trans. Software Eng.
 2023
DOI: 10.1109/tse.2022.3176674
|View full text |Cite
|
Sign up to set email alerts
|

Software Updates Strategies: A Quantitative Evaluation Against Advanced Persistent Threats

Giorgio Di Tizio
1
,
Armellini, Michele
2
,
Fabio Massacci
3

Abstract: Software updates reduce the opportunity for exploitation. However, since updates can also introduce breaking changes, enterprises face the problem of balancing the need to secure software with updates with the need to support operations. We propose a methodology to quantitatively investigate the effectiveness of software updates strategies against attacks of Advanced Persistent Threats (APTs). We consider strategies where the vendor updates are the only limiting factors to cases in which enterprises delay upda… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1

Citation Types

0
1
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
3
1

Relationship

1
3

Authors

Journals

citations
Cited by 4 publications
(2 citation statements)
references
References 62 publications
0
1
0
Order By: Relevance
“…However, in the latter case, your risk profile, i.e., the odds of succumbing, will not be better off than the company who just patches high-risk vulnerabilities, even against advanced persistent threats. 6 So why bother toiling as the hare if you fall prey to the same wolves as the tortoise? You can watch the video (https:// vimeo.com/853062910) accompanying the Communications of the ACM shorter piece 7 or read the rebuttal by Steve Lipner and John Pescatore warning against such dangerously heretical ideas.…”
Section: The Holy Grail Of Vulnerability Predictionsmentioning
confidence: 99%

The Holy Grail of Vulnerability Predictions

Massacci
2024
IEEE Secur. Privacy
Self Cite
0
0
0
0
View full textAdd to dashboardCite
“…However, in the latter case, your risk profile, i.e., the odds of succumbing, will not be better off than the company who just patches high-risk vulnerabilities, even against advanced persistent threats. 6 So why bother toiling as the hare if you fall prey to the same wolves as the tortoise? You can watch the video (https:// vimeo.com/853062910) accompanying the Communications of the ACM shorter piece 7 or read the rebuttal by Steve Lipner and John Pescatore warning against such dangerously heretical ideas.…”
Section: The Holy Grail Of Vulnerability Predictionsmentioning
confidence: 99%

The Holy Grail of Vulnerability Predictions

Massacci
2024
IEEE Secur. Privacy
Self Cite
0
0
0
0
View full textAdd to dashboardCite
“…We investigated whether this is the case in the context of Advanced Persistent Threats (APTs) [2], 'la creme de la creme' of the attacker ecosystem. APTs are sophisticated actors that deliberately and persistently target specific individuals and companies with a strategic motivation (from sabotage to financial gain).…”
mentioning
confidence: 99%

Are Software Updates Useless against Advanced Persistent Threats?

Massacci
1
,
Tizio
2
2022
Commun. ACM
5
0
0
0
View full textAdd to dashboardCite
show abstract

ATT&CK-based Advanced Persistent Threat attacks risk propagation assessment model for zero trust networks

Zhang,
Zheng,
Zhang
et al. 2024
Computer Networks
2
0
0
0
View full textAdd to dashboardCite
scite logo

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Product
Browser ExtensionAssistant by sciteCitation Statement SearchReference CheckVisualizationsDashboardsExplore JournalsExplore OrganizationsExplore FundersEmbedding BadgeEmbedding Citation SearchPricing
Resources
BlogHelp & FAQAccessibility StatementAPI TermsFor Universities & GovernmentsFor ResearchersFor PublishersFor Corporate, Pharma & EnterpriseAuthor MarketingBecome an AffiliateGet an organization trial or quotescite Data & Services
About
News & PressCareersRead our PaperCoverage

BlogTerms and ConditionsAPI TermsPrivacy PolicyContactCookie PreferencesDo Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.