AV/FW Adoption Sudies
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Wed Jun 9 18:34:12 UTC 2004
On Tue, 08 Jun 2004 17:29:51 CDT, Dennis Dayman <dennis at thenose.net> said:
>
> Does anyone know of any studies on user adoption of security s/w (AV and FW
> products), including how often people update and how regularly?
Two papers that might help:
A writeup on the OpenSSL holes, the Slapper worm, and when/why users
patched their systems. 17 pages, PDF.
http://www.rtfm.com/upgrade.pdf
Lots of interesting conclusions about user behavior, which we probably
need to consider when planning. Some non-trivial math/stats, but they
explain what the results mean in plain English too, so feel free to
skip over the formulas to the "this clearly shows..."..
Crispin Cowan's presentation from Usenix LISA:
http://wirex.com/~crispin/time-to-patch-usenix-lisa02.ps.gz
Both of these papers are somewhat flawed in that they focus on the
mostly-broken idea that the admin/user would even know a patch if it came by
and bit them on the posterior.....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040609/23dd530e/attachment.sig>
More information about the NANOG
mailing list