
Patches (and Vulnerabilities, and Exploits)

Posted by on April 7, 2016.

As Clarence Carter once sang, ‘Patches, I’m depending on you…’

I don’t generally use this blog as a means for promoting articles on other sites. However, I recently found myself involved in not one but two articles on what I consider to be a pretty important topic, and so I hope that Kevin will forgive me. After all, he contributed to one of them too. 🙂

From time to time, Heimdal Security puts together a ‘security expert roundup’ article, where it invites a bunch of security experts (not to mention me…) to give their answers to various questions on a given issue. On this occasion, Andra Zaharia asked us six questions about vulnerabilities, patches and updates.

  • As an expert in cyber security, how do you prioritize patching in a multi-layered approach to data safety?
  • How would you explain the importance of patching so your grandma can understand it?
  • A question on every user’s mind: why is software so vulnerable? And what can software users do about it?
  • What is your main practical advice for users regarding patching?
  • How could users cultivate a healthy habit of keeping their software up to date? Would you recommend any particular tools?
  • On a corporate/institutional scale, what could help more companies leverage the benefits of patching as a proactive security measure?

And here’s the list of people who offered their responses, according to Heimdal.

  • Liviu Arsene, Bitdefender
  • Tod Beardsley, Rapid7
  • Brian Donohue, Cyber4sight
  • John Dunn, Techworld
  • Dan Goodin, Ars Technica
  • David Harley, ESET
  • Morten Kjaersgaard, Heimdal Security
  • Pavel Krčma, Sticky Password
  • Patrick Nuttal, London Digital Security Centre
  • Pierluigi Paganini, Security Affairs
  • Matthew Pascucci, Front Line Sentinel
  • Andrei Petrus, Avira
  • Dave Piscitello, ICANN
  • Joe Shenouda, Cyber Consult
  • Kevin Townsend,

That list alone makes the Heimdal article worth reading, and I’m sure many readers of this blog will find it of interest. After all, it does include contributions from two ITsecurity regulars. 😉 You can find it here: 15 Experts Explain Why Software Patching is Key for Your Online Security.

And, of course, I was very happy to volunteer my own thoughts on the topic. However, my intended terse responses snowballed into a document the size of a small encyclopaedia, and clearly more suitable for a full-length article in its own right, though Andra was kind enough to quote it at some length in the Heimdal article.

That expanded article is available on ESET’s blog site here: Vulnerabilities, exploits and patches

David Harley
