Infrastructure Modernization as a Cyber-Resilience Imperative for National Software Ecosystems
DOI:
https://doi.org/10.15662/IJRAI.2024.0703008
Keywords:
Cyber, Infrastructure Modernization, Safety, Ecosystem
Abstract
This paper examines the modernization undertaken to enhance the cyber-resilience of national software ecosystems. The study takes a quantitative approach, using actual data in the form of patch records, vulnerability reports, and modernization logs. Some of the key indicators measured are the patch remediation window, the patch success rate, and the reduction in the number of exposed vulnerabilities. The findings indicate that virtualization, automation, renewal of the OS lifecycle, and security hardening accelerate patching, reduce failed deployments, and reduce vulnerability exposure. The results are consistent with the observation that modernization leads to more stable and secure national systems. The research provides strong evidence for planning and enhancing long-term cyber-resilience initiatives.





