
Are Software Updates Useless against Advanced Persistent Threats?

By Fabio Massacci, Giorgio di Tizio

Communications of the ACM, Vol. 66 No. 1, Pages 31-33


A dilemma derived from Shakespeare's Hamlet is increasingly haunting companies and security researchers: "to update or not to update, this is the question." From the perspective of the common practices recommended by software vendors, the answer is unambiguous: You should keep your software up to date.8 But is common sense always good sense? We argue it is not.

Last year in a Communications article,4 Poul-Henning Kamp argued that these industry best practices do not seem to work and that a more radical reform is needed. In the same year, Massacci et al. recalled that the SolarWinds attack was funneled by an update,5 and a follow-up article7 indicated that the recent protestware attacks are also channeled through updates.

