Software Security Patch Management – A Systematic Literature Review of Challenges, Approaches, Tools and Practices
by Nesara Dissanayake, Asangi Jayatilaka, Mansooreh Zahedi, M. Ali Babar (2021)
Abstract
Context: Software security patch management is intended to support the process
of patching known software security vulnerabilities. Given the increasing
recognition of the importance of software security patch management, it is
important and timely to systematically review and synthesise the relevant
literature on this topic.
Objective: This paper aims at systematically reviewing the state of the art
of software security patch management to identify the socio-technical
challenges in this regard, reported solutions (i.e., approaches, tools, and
practices), the rigour of the evaluation and the industrial relevance of the
reported solutions, and to identify the gaps for future research.
Method: We conducted a systematic literature review of 72 studies published
from 2002 to March 2020, with extended coverage until September 2020 through
forward snowballing.
Results: We identify 14 socio-technical challenges, 18 solution approaches,
tools and practices mapped onto the software security patch management process.
We provide a mapping between the solutions and challenges to enable a reader to
obtain a holistic overview of the gap areas. The findings also reveal that only
20.8% of the reported solutions have been rigorously evaluated in industrial
settings.
Conclusion: Our results reveal that 50% of the common challenges have not
been directly addressed in the solutions and that the largest share of the
solutions (38.9%) address the challenges in only one phase of the process,
namely vulnerability scanning, assessment and prioritisation. Based on the results that highlight the
important concerns in software security patch management and the lack of
solutions, we recommend a list of future research directions. This study also
provides useful insights about different opportunities for practitioners to
adopt new solutions and understand the variations of their practical utility.
Archived file: application/pdf, 1.3 MB, from arxiv.org (arXiv:2012.00544v3); a copy is also held at web.archive.org.