System Administrators and Patch Management - Information sources for Patch Decision Making

The objectives of this thesis is to understand the information sources and gathering behaviours of system administrators (sysadmins) tasked with the application of patches/updates to core business technological systems. We are interested in this as patches often contain security/ vulnerability fixes which plug holes in systems. Therefore, without timely application of said patches, sysadmins will potentially increase their risk of these vulnerabilities being exploited by malicious attackers.
This will be done through studying:
1. Online communities of sysadmins, as they share information through forums and mailing lists.
2. Ethnographic studies of sysadmins in industrial settings as they deal with day-to-day workflow problems.
This data will be used to understand the trust and risk relationships that relate to information sources and sysadmins' reliance on these Online communities for information verification.
The approaches taken used web-scraping, web-ethnography, qualitative code-book design and application, and an ethnographic/ contextual inquiry technique.
The novel engineering content is the social-technical impact of patching information and its theorized impact on patching decisions. Insights will be used to propose design insights for update feedback systems to aid with the timely application of patches.