AV/FW Adoption Sudies

• Previous message (by thread): AV/FW Adoption Sudies
• Next message (by thread): AV/FW Adoption Sudies
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 08 Jun 2004 17:29:51 CDT, Dennis Dayman <dennis at thenose.net>  said:
> 
> Does anyone know of any studies on user adoption of security s/w (AV and FW
> products), including how often people update and how regularly?

Two papers that might help:

A writeup on the OpenSSL holes, the Slapper worm, and when/why users
patched their systems.  17 pages, PDF.

http://www.rtfm.com/upgrade.pdf

Lots of interesting conclusions about user behavior, which we probably
need to consider when planning.  Some non-trivial math/stats, but they
explain what the results mean in plain English too, so feel free to
skip over the formulas to the "this clearly shows..."..

Crispin Cowan's presentation from Usenix LISA:

http://wirex.com/~crispin/time-to-patch-usenix-lisa02.ps.gz

Both of these papers are somewhat flawed in that they focus on the
mostly-broken idea that the admin/user would even know a patch if it came by
and bit them on the posterior.....


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040609/23dd530e/attachment.sig>

• Previous message (by thread): AV/FW Adoption Sudies
• Next message (by thread): AV/FW Adoption Sudies
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]