An Empirical Study of Automation in Software Security Patch Management
Several studies have shown that automated support for different activities of the security patch management process has great potential for reducing delays in installing security patches. However, it is also important to understand how automation is used in practice, its limitations in meeting real-world needs and what practitioners really need, an area that has not been empirically investigated in the existing software engineering literature. This paper reports an empirical study aimed at investigating different aspects of automation for security patch management using semi-structured interviews with 17 practitioners from three different organisations in the healthcare domain. The findings are focused on the role of automation in security patch management for providing insights into the as-is state of the automation in practice, the limitations of current automation, how automation support can be enhanced to effectively meet practitioners’ needs, and the role of the human in an automated process. Based on the findings, we have derived a set of recommendations for directing future efforts aimed at developing automated support for security patch management.
Wed 12 OctDisplayed time zone: Eastern Time (US & Canada) change
10:00 - 12:00 | Technical Session 9 - Security and Privacy Research Papers / Industry Showcase at Ballroom C East Chair(s): Wei Yang University of Texas at Dallas | ||
10:00 20mResearch paper | Keeping Secrets: Multi-objective Genetic Improvement for Detecting and Reducing Information Leakage Research Papers Ibrahim Mesecan Iowa State University, Daniel Blackwell University College London, David Clark University College London, Myra Cohen Iowa State University, Justyna Petke University College London | ||
10:20 20mResearch paper | ThirdEye: Attention Maps for Safe Autonomous Driving Systems Research Papers Andrea Stocco UniversitĂ della Svizzera italiana (USI), Paulo J. Nunes Federal University of Pernambuco, Marcelo d'Amorim Federal University of Pernambuco, Paolo Tonella USI Lugano DOI Pre-print | ||
10:40 20mIndustry talk | Finding Property Violations through Network Falsification: Challenges, Adaptations and Lessons Learned from OpenPilot Industry Showcase | ||
11:00 20mResearch paper | Scrutinizing Privacy Policy Compliance of Virtual Personal Assistant Apps Research Papers Fuman Xie University of Queensland, Yanjun Zhang University of Queensland, Chuan Yan University of Queensland, Suwan Li Nanjing University, Lei Bu Nanjing University, Kai Chen SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China, Zi Huang University of Queensland, Guangdong Bai University of Queensland | ||
11:20 20mResearch paper | An Empirical Study of Automation in Software Security Patch Management Research Papers Nesara Dissanayake University of Adelaide, Asangi Jayatilaka University of Adelaide, Mansooreh Zahedi The Univeristy of Melbourne, Muhammad Ali Babar University of Adelaide | ||
11:40 20mResearch paper | Are They Toeing the Line? Diagnosing Privacy Compliance Violations among Browser Extensions Research Papers Yuxi Ling National University of Singapore, Kailong Wang National University of Singapore, Guangdong Bai University of Queensland, Haoyu Wang Huazhong University of Science and Technology, China, Jin Song Dong National University of Singapore | ||