Numerous security attacks that resulted in devastating consequences can be traced back to a delay in applying a security patch. Despite the criticality of timely patch application, not much is known about why and how delays occur when applying security patches in practice, and how the delays can be mitigated. Based on longitudinal data collected from 132 delayed patching tasks over a period of four years and observations of patch meetings involving eight teams from two organisations in the healthcare domain, and using quantitative and qualitative data analysis approaches, we identify a set of reasons relating to technology, people and organisation as key explanations that cause delays in patching. Our findings also reveal that the most prominent cause of delays is attributable to coordination delays in the patch management process and a majority of delays occur during the patch deployment phase. Towards mitigating the delays, we describe a set of strategies employed by the studied practitioners. This research serves as the first step towards understanding the practical reasons for delays and possible mitigation strategies in vulnerability patch management. Our findings provide useful insights for practitioners to understand what and where improvement is needed in the patch management process and guide them towards taking timely actions against potential attacks. Also, our findings help researchers to invest effort into designing and developing computer-supported tools to better support a timely security patch management process.
翻译:尽管及时补丁应用非常关键,但对于在实际应用安全补丁时为何和如何发生延误以及如何减轻延误,人们并不十分了解。根据在四年时间里从132项延迟补丁任务中收集的纵向数据以及由保健领域两个组织的8个小组参与的补丁会议的意见,并利用定量和定性数据分析方法,我们发现一系列与技术、人员和组织有关的理由,作为补补丁方面出现延误的关键解释。我们的调查结果还显示,延误的最主要原因是补丁管理过程的协调延误,以及大部分延迟发生在补丁部署阶段。为了减轻延误,我们介绍了研究的从业人员采用的一套战略。这项研究是了解脆弱性补丁管理方面延误和可能采取缓解战略的实际原因的第一步。我们的调查结果为从业人员提供了有用的见解,使他们了解补丁管理过程需要哪些方面和哪些方面加以改进,并指导他们及时采取行动,打击潜在的袭击。此外,我们的调查结果还帮助研究人员努力设计和开发计算机支持的改进安全管理过程。