New bugs and vulnerabilities are discovered and reported from time to time even after software products are released. One of the common ways to handle these bugs is to patch the software. In this paper, the authors propose a stochastic model for optimizing the patching time for software bugs and vulnerabilities. The optimal patching time can be computed in terms of the patching script development and operational costs of the fix. The authors present two case studies using the Nimda worm vulnerability in the Microsoft Internet Information Services web server and the bug reports of the Debian project. These studies indicate that patches are applied later than their optimal fix time.