A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
A Deep Dive into the Socio-Technical Aspects of Delays in Security Patching
Download presentation (PDF, 5.07 MB)
Most of the successful security attacks can be attributed to delays in security patching. Whilst significant attention has been paid to automate vulnerabilities identification and patch development activities of software security patch management, there has been relatively little effort dedicated to empirically exploring and understanding the socio-technical aspects of delays in security patching. Based on a longitudinal collaboration with a health services agency, Prof Babar and his colleagues have carried out multiple studies to gain an evidence-based understanding of the key reasons that may cause delays in patching and how to avoid them. Their studies have leveraged the data of 132 delayed patching tasks over a period of four years, observations of patch meetings involving eight teams from two organisations and interviews. They analysed that data using approaches inspired from grounded theory.
In this talk, Prof Babar will provide a brief background and methodologically aspects of their studies before taking a deep dive into the key findings. He will elaborate how their studies are expected to help improve the industrial patch management process and guide the future research aimed at developing suitable approaches and tools for supporting timely security patching.
About the speaker
Professor, University of Adelaide
M. Ali Babar is a Professor in the School of Computer Science, University of Adelaide. He leads a theme on architecture and platform for security as service in CyberSecurity Cooperative Research Centre. Prof Babar has established an interdisciplinary research centre called CREST (Centre for Research on Engineering Software Technologies), where he directs the research, education, and engineering activities of more than 25 researchers and engineers. Prof Babar has attracted more than $12 Millions dollar cash funding from industry/government since 2017. Professor Babar has authored/co-authored more than 270 peer-reviewed research papers at premier Software journals and conferences.
Monash University values the privacy of every individual's personal information and is committed to the protection of that information from unauthorised use and disclosure except where permitted by law. For information about the handling of your personal information please see Data Protection and Privacy Procedure and the relevant Data Protection and Privacy Collection Statement that applies to you depending on the nature of your interaction with us.
If you have any questions about how Monash University is collecting and handling your personal information, please contact our Data Protection and Privacy Office at dataprotectionofficer@monash.edu.