December 15, 2017

Avoid an Equifax-like breach? Help us understand how system administrators patch machines

The recent Equifax breach that leaked around 140 million Americans’ personal information was boiled down to a system patch that was never applied, even after the company was alerted to the vulnerability in March 2017.

Our work studying how users manage software updates on desktops and mobile tells a story that keeping machines patched is far from simple. Often, users do not want to apply patches because they do not trust the vendors who create the patches, the patches are applied in ways that cause too much downtime, or because the user interface changes updates make, upset users’ workflow. However, if we are going to better understand and help improve the way patches are applied so that breaches like the Equifax one are easier to avoid, we need to also study how system administrators patch multiple machines. The end goal of this work is to improve the software updating experience for everyday users as well as system administrators and enhance cybersecurity overall—after all what’s a patch really worth if it’s never installed.

You can help us to achieve this goal by forwarding our survey for system administrators who manage software updates to people you know in the United States who are over 18 years of age. If you are a system administrator who manages updates for your organization, we’d greatly appreciate you taking 10-15 minutes to complete this survey. System administrators who manage updates can also participate by signing up for an hour remote interview. As a token of our appreciation, we are raffling off a Samsung Galaxy S8 to participants who complete the survey. Each interviewees will also be given a $20 Amazon gift card.

To learn more about our work, visit our project page, and please reach out to us at any time if you have any questions.