Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a workshop featuring invited speakers from government, the private sector, and academia. This publication summarizes the presentations and discussions from the workshop.

Table of Contents


Front Matter
Workshop Introduction
1 Policy Considerations: The Intersection of Public Values and Private Infrastructure
2 Technical Considerations for Secure Software Updates
3 Microsoft's Approach to Software Updates
4 Update Issues for Open Source Software
5 Cisco's Approach to Software Updates
6 Ensuring Robust Firmware Updates
7 Updates in the Consumer Electronics Industry
8 Software Updates in Automotive Electronic Control Units
9 The NIST Perspective on Software Updates
10 Protecting Consumers from Software Update Risks
11 Discussion
Afterword
Appendixes
Appendix A: Workshop Agenda and Participants List
Appendix B: Steering Committee Biographies
Appendix C: Speaker Biographies