If we could only auto-update our applications when vulnerabilities are identified, then we’d surely be safe… that seems to be today’s mindset. To a certain extent, that’s true, but it’s also false.
The idea of auto-updates is not new, it’s been around for a while. It’s all the rave as of late when we talk about websites. It only makes sense, if you know that the weakest link in the chain is the end-user (whom for whatever reason is unable to update) then remove the weakest link, and remove the choice.
The Challenges of Auto Updates in Website Security
There are however a few challenges that come to mind when I think about Auto-Updates, specifically how they relate to Website Security:
- Does little against Unknowns
- Introduces an unmanageable access point
- Goes against best practices
- Requires applications to write to itself