To Patch or Not to Patch

A Decision Process for Applying Patches to Software in the Safety Critical Domain

Safety critical systems have been growing in complexity, and many are now connected to networks, which is eroding the traditional air gap argument. Combined with the increased use of commercial off-the-shelf software, this is leading to a situation where such systems are vulnerable to attack. Many systems with vulnerabilities have patches available that can begin to mitigate these attacks, but applying patches comes with its own risks. This project investigates how a decision can be made on whether or not to apply patches, and how to evaluate the associated risks. The work concludes that a patching decision can be made using a risk-based process, and proposes a Goal Structuring Notation pattern that can be used to justify the patching decision.