Project THESEUS

Project THESEUS

THESEUS is a project funded by the Dutch Research Council (NWO) that unites researchers and practitioners from three Dutch universities and fifteen industrial partners. The central objective of project THESEUS is to empower organizations to patch much faster. It aims to achieve this by radically changing the risk governance of patching. Changing the risk of patching for enterprises means to develop interdisciplinary breakthroughs at three interdependent levels:

  • Systems: reducing risk of patching via new techniques in automatic vulnerability and patch triaging, as well as automatic patch generation with live update for cases where critical patches pose unacceptable availability risks.
  • Enterprises: better quantifying risk of patching by assessing and aggregating the results of the patch triaging, as a way to estimate exploit likelihood in a coherent picture that accounts for different attacker models and functional impact.
  • Governance: more effectively managing risks of patching by introducing incentive mechanisms via notifications and information sharing, sector-wide benchmarks of patching speed, and potentially legal instruments.

Latest