
Updates, Threats, and Risk Management

Published: 21 April 2023

Abstract

Revisiting a recent column considering security updates.

Published In

Communications of the ACM  Volume 66, Issue 5
May 2023
92 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/3594498
  • Editor: James Larus
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 April 2023
Published in CACM Volume 66, Issue 5

Qualifiers

  • Column

Article Metrics

  • Downloads (Last 12 months): 452
  • Downloads (Last 6 weeks): 98
Reflects downloads up to 18 Jan 2025
