A Grounded Theory of the Role of Coordination in Software Security Patch Management
arXiv - CS - Software Engineering. Pub Date: 2021-06-07, DOI: arxiv-2106.03458. Nesara Dissanayake, Mansooreh Zahedi, Asangi Jayatilaka, M. Ali Babar
Several disastrous security attacks can be attributed to delays in patching
software vulnerabilities. While researchers and practitioners have paid
significant attention to automating the vulnerability identification and patch
development activities of software security patch management, there has been
relatively little effort dedicated to gaining an in-depth understanding of the
socio-technical aspects, e.g., coordination of interdependent activities of the
patching process and patching decisions, that may cause delays in applying
security patches. We report on a Grounded Theory study of the role of
coordination in security patch management. The reported theory consists of four
inter-related dimensions, i.e., causes, breakdowns, constraints, and
mechanisms. The theory explains the causes that define the need for
coordination among interdependent software and hardware components and multiple
stakeholders' decisions, the constraints that can negatively impact
coordination, the breakdowns in coordination, and the potential corrective
measures. This study provides potentially useful insights for researchers and
practitioners who can carefully consider the needs of and devise suitable
solutions for supporting the coordination of interdependencies involved in
security patch management.
Updated: 2021-06-08