rene_mobile’s Twitter Archive—№ 4,857

    1. …in reply to @idl3r
      @idl3r The problem is that the dynamic patching infrastructure itself becomes a possible attack vector. Dynamic kernel patching at run time is difficult even from a stability point of view without starting to consider security implications. It's possible, but really, really hard.
  1. …in reply to @rene_mobile
    @idl3r And if a vendor/OEM has the required expertise and security team size to implement dynamic patching correctly, with fast response time, and at scale, then often standard OTA updates are actually the easier solution. There are exceptions, but normally OTA is simpler and safer.
    1. …in reply to @rene_mobile
      @idl3r Note that these recommendations are explicitly intended for vendors/OEMs who build the actual products, not aftermarket or enterprise scenarios where different aspects may be considered.