
Currently Skimming:

Afterword
Pages 66-70

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 66...
... This topic was not discussed at length during the workshop, but it merits careful consideration. Developers and engineers ought to plan for supporting updates to artifacts they create and respond to software updates for building blocks they incorporate, because situations change and customers and/or their data may be put at risk.
From page 67...
... ■ A well-managed cloud commonly makes updates easier because such an installation would likely have a large professional security staff, uniform hardware, and software control procedures already in place. The IoT and cyber-physical systems can lack these properties, and thus cannot take advantage of the security benefits that a well-managed cloud environment provides.
From page 68...
... ■ Observe trial users managing the updates, and design the process in ways that would make their lives easier, including the following:
• Involve the product marketing team in persuading customers to accept updates and ensure that the process to accept updates is straightforward.

68 Forum on Cyber Resilience
From page 69...
... The best technical practices at the moment include the following:
• Test thoroughly but swiftly, accept feedback, and do postmortems after deployment;
• Provide quick-rollback mechanisms to mitigate the impact of failed updates;
• Protect against subversion of the update channel;
• Avoid using "security update" to advance other business interests; and
• Carefully consider whether to separate security updates from feature updates. Such separation can be helpful to enterprise and other large users who are cautious about system reliability and perceive a need to verify that security updates will not have unexpected impacts; however, some suppliers, notably the Linux kernel, do not distinguish.
From page 70...
... We offer these thoughts as an additional personal perspective inspired by conversations with workshop participants and Forum members. Our thanks to them for their insightful discussions and comments on this important topic.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.