Correlation immunity

In mathematics, the correlation immunity of a Boolean function is a measure of the degree to which its outputs are uncorrelated with some subset of its inputs. Specifically, a Boolean function is said to be correlation-immune of order m if every subset of m or fewer variables in x 1 , x 2 , … , x n {\displaystyle x_{1},x_{2},\ldots ,x_{n}} is statistically independent of the value of f ( x 1 , x 2 , … , x n ) {\displaystyle f(x_{1},x_{2},\ldots ,x_{n})} . == Definition == A function f : F 2 n → F 2 {\displaystyle f:\mathbb {F} _{2}^{n}\rightarrow \mathbb {F} _{2}} is k {\displaystyle k} -th order correlation immune if for any independent n {\displaystyle n} binary random variables X 0 … X n − 1 {\displaystyle X_{0}\ldots X_{n-1}} , the random variable Z = f ( X 0 , … , X n − 1 ) {\displaystyle Z=f(X_{0},\ldots ,X_{n-1})} is independent from any random vector ( X i 1 … X i k ) {\displaystyle (X_{i_{1}}\ldots X_{i_{k}})} with 0 ≤ i 1 < … < i k < n {\displaystyle 0\leq i_{1}<\ldots

Augment (app)

Augment is an augmented reality SaaS platform that allows users to visualize their products in 3D in real environment and in real-time through tablets or smartphones. The software can be used for retail, e-commerce, architecture, and other purposes. Augment created a mobile app of the same name, used to visualize 3D models in augmented reality and a web application called Augment Manager for 3D content management. The company is based in Paris, France, and was founded in October 2011 by Jean-François Chianetta, Cyril Champier, and Mickaël Jordan. In March 2016, Augment announced €3 million in its series-A round from Salesforce Ventures, which bringing the total funding since launch to $4.7 million. Augment lets businesses and 3D professionals visualize projects in their actual size and environment, on iPhone, iPad, and Android, using the power of augmented reality. Users can print the Augment tracker or create their own tracker to place the 3D models in space and at scale in real time. Common uses of the technology include product presentations, interactive print campaigns and e-Commerce product visualization. Augment has just released its augmented reality SDK solutions for retail and augmented commerce. The SDK solutions, available for both native mobile app and web integrations, allow companies to embed augmented reality product visualization in their existing eCommerce platforms. == Technology == Augment uses the following 3D technologies: Vuforia Augmented Reality SDK OpenGL == Customer cases == Companies such as Coca-Cola, Siemens, Nokia, Nestle, and Boeing are using Augment's solutions. == History == Augment was first created by Jean-François Chianetta in October 2011. Chianetta later teamed up with Cyril Champier and Mickaël Jordan for further development. The co-founding team was among the 12 startups of Season 3 of French accelerator Le Camping. The team raised one million euros (US$1,300,000) in April 2013 and moved its office to Paris. In March 2016, Augment raised US$3M Series A funding from Salesforce and other investors. In 2013, Augment's first service, Boost Business Catalog, was made available to help businesses catalogue and display their product models. Customers can rotate the images in 3D and view augmented content before deciding what to buy. == Awards == "Best Innovation" at Ecommerce Mag Trophy 2013

Video game

A video game, computer game, or simply game is an electronic game that involves interaction with a user interface or input device (such as a joystick, controller, keyboard, or motion sensing device) to generate visual feedback from a display device, most commonly shown in a video format on a television set, computer monitor, flat-panel display or touchscreen on handheld devices, or a virtual reality headset. Most modern video games are audiovisual, with audio complement delivered through speakers or headphones, and sometimes also with other types of sensory feedback (e.g., haptic technology that provides tactile sensations). Some video games also allow microphone and webcam inputs for in-game chatting and livestreaming. Video games are typically categorized according to their hardware platform, which traditionally includes arcade video games, console games, and computer games (which includes LAN games, online games, and browser games). More recently, the video game industry has expanded onto mobile gaming through mobile devices (such as smartphones and tablet computers), virtual and augmented reality systems, and remote cloud gaming. Video games are also classified into a wide range of genres based on their style of gameplay and target audience. The first video game prototypes in the 1950s and 1960s were simple extensions of electronic games using video-like output from large, room-sized mainframe computers. The first consumer video game was the arcade video game Computer Space in 1971, which took inspiration from the earlier 1962 computer game Spacewar!. In 1972 came the now-iconic video game Pong and the first home console, the Magnavox Odyssey. The industry grew quickly during the "golden age" of arcade video games from the late 1970s to early 1980s but suffered from the crash of the North American video game market in 1983 due to loss of publishing control and saturation of the market. Following the crash, the industry matured, was dominated by Japanese companies such as Nintendo, Sega, and Sony, and established practices and methods around the development and distribution of video games to prevent a similar crash in the future, many of which continue to be followed. In the 2000s, the core industry centered on "AAA" games, leaving little room for riskier experimental games. Coupled with the availability of the Internet and digital distribution, this gave room for independent video game development (or "indie games") to gain prominence into the 2010s. Since then, the commercial importance of the video game industry has been increasing. The emerging Asian markets and proliferation of smartphone games in particular are altering player demographics towards casual and cozy gaming, and increasing monetization by incorporating games as a service. Today, video game development requires numerous skills, vision, teamwork, and liaisons between different parties, including developers, publishers, distributors, retailers, hardware manufacturers, and other marketers, to successfully bring a game to its consumers. As of 2020, the global video game market had estimated annual revenues of US$159 billion across hardware, software, and services, which is three times the size of the global music industry and four times that of the film industry in 2019, making it a formidable heavyweight across the modern entertainment industry. The video game market is also a major influence behind the electronics industry, where personal computer component, console, and peripheral sales, as well as consumer demands for better game performance, have been powerful driving factors for hardware design and innovation. == Origins == Early video games used interactive electronic devices with various display formats. The earliest example dates to 1947—a "cathode-ray tube amusement device" was filed for a patent on 25 January 1947, by Thomas T. Goldsmith Jr. and Estle Ray Mann, and issued on 14 December 1948, as U.S. Patent 2455992. Inspired by radar display technology, it consisted of an analog device allowing a user to control the parabolic arc of a dot on the screen to simulate a missile being fired at targets, which were paper drawings fixed to the screen. Other early examples include the Nimrod computer at the 1951 Festival of Britain; Christopher Strachey's Checkers, possibly the first game to display visuals on an electronic screen in 1952; OXO, a tic-tac-toe computer game by Alexander S. Douglas for the EDSAC in 1952; Tennis for Two, an electronic interactive game engineered by William Higinbotham in 1958; and Spacewar!, written by Massachusetts Institute of Technology students Martin Graetz, Steve Russell, and Wayne Wiitanen's on a DEC PDP-1 computer in 1962. Each game had different means of display: NIMROD had a panel of lights to play the game of Nim, OXO had a graphical display to play tic-tac-toe, Tennis for Two had an oscilloscope to display a side view of a tennis court, and Spacewar! had the DEC PDP-1's vector display to have two spaceships battle each other. These inventions laid the foundation for modern video games. In 1966, while working at Sanders Associates, Ralph H. Baer devised a system to play a basic table tennis game on a television screen. With the company's approval, Baer created the prototype known as the "Brown Box". Sanders patented Baer's innovations and licensed them to Magnavox, which commercialized the technology as the first home video game console, the Magnavox Odyssey, released in 1972. Separately, Nolan Bushnell and Ted Dabney, inspired by seeing Spacewar! running at Stanford University, devised a similar version running in a smaller coin-operated arcade cabinet using a less expensive computer. This was released as Computer Space, the first arcade video game, in 1971. Bushnell and Dabney went on to form Atari, Inc., and with Allan Alcorn, created their second arcade game in 1972, the hit ping pong-style Pong, which was directly inspired by the table tennis game on the Odyssey. Atari made a home version of Pong, which was released by Christmas 1975. The success of the Odyssey and Pong, both as an arcade game and home machine, launched the video game industry. Both Baer and Bushnell have been titled "Father of Video Games" for their contributions. == Terminology == The term "video game" was developed to describe electronic games played on a video display rather than on a teletype printer, audio speaker, or similar device. This also distinguished from handheld electronic games such as Merlin, which commonly used LED lights for indicators not in combination for imaging purposes. "Computer game" may also be used as a descriptor, as all these types of games essentially require the use of a computer processor; in some cases, it is used interchangeably with "video game". Particularly in the United Kingdom and Western Europe, this is common due to the historic relevance of domestically produced microcomputers. Other terms used include digital game, for example, by the Australian Bureau of Statistics. The term "computer game" can also refer to PC games, which are played primarily on personal computers or other flexible hardware systems, to distinguish them from console games, arcade games, or mobile games. Other terms, such as "television game", "telegame", or "TV game", had been used in the 1970s and early 1980s, particularly for home gaming consoles that rely on connection to a television set. However, these terms were also used interchangeably with "video game" in the 1970s, primarily due to "video" and "television" being synonymous. In Japan, where consoles like the Odyssey were first imported and then made within the country by the large television manufacturers such as Toshiba and Sharp Corporation, such games are known as "TV games", "TV geemu", or "terebi geemu". The term "TV game" is still commonly used into the 21st century. "Electronic game" may also be used to refer to video games, but this also incorporates devices like early handheld electronic games that lack any video output. The first appearance of the term "video game" emerged around 1973. The Oxford English Dictionary cited a 10 November 1973 BusinessWeek article as the first printed use of the term. Though Bushnell believed the term came from a vending magazine review of Computer Space in 1971, a review of the major vending magazines Vending Times and Cashbox showed that the term may have come even earlier, appearing first in a letter dated July 10, 1972. In the letter, Bushnell uses the term "video game" twice. Per video game historian Keith Smith, the sudden appearance suggested that the term had been proposed and readily adopted by those in the field. Around March 1973, Ed Adlum, who ran Cashbox's coin-operated section until 1972 and then later founded RePlay Magazine, covering the coin-op amusement field, in 1975, used the term in an article in March 1973. In a September 1982 issue of RePlay, Adlum is credited with first naming these games as "video games": "RePlay

Electronic submission

Electronic submission refers to the submission of a document by electronic means: that is, via e-mail or a web form on the Internet, or on an electronic medium such as a compact disc, a hard disk or a USB flash drive. Traditionally, the term "manuscript" referred to anything that was explicitly "written by hand". However, in popular usage and especially in the context of computers and the internet, the term "manuscript" may even refer to documents (text or otherwise) typed out or prepared on typewriters and computers and can be extended to digital photographs and videos, and online surveys too. In other words, any manuscript prepared and submitted online can be considered to be an electronic submission. == History and early usage == There is no concrete data indicating when and by whom were electronic submissions used for the first time. However, research based universities in several countries have been encouraging the collection of course assignments and projects in the form of electronic submissions for almost a decade now. Several governments and organizations are also switching to electronic submissions for the collection of research papers, grant applications and government application forms. == Types of electronic submissions == Since modern computers can store and process information and data in virtually any format and with the Internet allowing easy transfer of this data, the number of scenarios in which submissions can be collected electronically has increased exponentially in the last few years. Some of these scenarios are described below. In most of these scenarios, submissions were collected on hard paper until the Information Technology revolution occurred. === Academic Submissions === Teachers, professors and teaching assistants often collect course assignments and projects electronically. Electronic submissions are usually collected using a web-based system which more often than not also helps in the management of submissions collected and stored on it. (Explained By Henny L, University of Lethbridge, AB, Canada) === Research Papers === In call-for-paper or academic conferences, prospective presenters are usually asked to submit a short abstract or a full paper on their presentation or research work electronically, which is reviewed before being accepted for the conference. === Proposals for Grants === Several grant-giving organizations like the NSA, W3C, NIA, NIH etc. require grant seekers to submit a proposal which if accepted result in the desired grants. A majority of these proposals are now submitted electronically on systems that also help in the managing and tracking the proposals submitted. === Articles for Publication === Magazines, newspapers and other publishing houses have begun accepting electronic submissions for articles from various sources - both internal (by journalists and writers hired by them) as well as external (by users and popular readers). The submitted articles are stored on a server hosted by the publication house or by a third-party Archived 2019-10-13 at the Wayback Machine vendor and are usually evaluated before being given a green signal. === Contests and Competition Entries === Almost every kind of contest or competition requires participants to submit an entry in a format described by the organizers of the contest. If the contest is an Internet-based one, then the entries or nominations for the contest are collected electronically using e-mail or other electronic means depending on feasibility and the choice of the organizers. === Government Applications === The governments of several countries are turning to electronic submission of applications and forms for various government procedures. Electronic submissions allow easier management of the applications and forms submitted. === Legal documents === Many legal documents may be submitted to the courts electronically. In England and Wales, the Civil Procedure Rules include a suitable "document exchange" as an acceptable "method of service". Case law in employment law cases has established that where a claim is submitted electronically, a prudent legal adviser should "check that it has been received and there must be systems in place for doing that". === Resumés and CVs === It has become commonplace for job-seekers to submit soft copies (electronic versions) of their resumés and CVs to recruiting agencies and online job portals. This is usually done over the Internet using e-mail or a pre-hosted web-based system. == Submission management systems == The art and science of collecting and managing electronic submissions is called Submission Management. Certain software vendors have begun developing submission management systems to assist in the collection, tracking and management of complex submission processes realized electronically. Most of these systems are web based and accessible from any device with a browser and an Internet connection. However, a majority of these systems are application specific and cannot be applied to all submission management scenarios. == Resistance to electronic submissions == Despite the easier management and tracking of electronic submissions compared to their paper-based counterparts, widespread adoption and use of electronic submissions and systems for managing them has been hampered by several facts, which include but are not limited to: Inconvenience while drawing figures, diagrams and equations on a computer Resistance to change and adoption of new technologies Lack of or limited access to the Internet.

LTE (telecommunication)

In telecommunications, Long Term Evolution (LTE) is a standard for wireless broadband communication for cellular mobile devices and data terminals. It is considered to be a "transitional" 4G technology, and is therefore also referred to as 3.95G as a step above 3G. LTE is based on the 2G GSM/EDGE and 3G UMTS/HSPA standards. It improves on those standards' capacity and speed by using a different radio interface and core network improvements. LTE is the upgrade path for carriers with both GSM/UMTS networks and CDMA2000 networks. LTE has been succeeded by LTE Advanced, which is officially defined as a "true" 4G technology and also named "LTE+". == Terminology == The standard is developed by the 3GPP (3rd Generation Partnership Project) and is specified in its Release 8 document series, with minor enhancements described in Release 9. LTE is also called 3.95G and has been marketed as 4G LTE and Advanced 4G; but the original version did not meet the technical criteria of a 4G wireless service, as specified in the 3GPP Release 8 and 9 document series for LTE Advanced. The requirements were set forth by the ITU-R organisation in the IMT Advanced specification; but, because of market pressure and the significant advances that WiMAX, Evolved High Speed Packet Access, and LTE bring to the original 3G technologies, ITU-R later decided that LTE and the aforementioned technologies can be called 4G technologies. The LTE Advanced standard formally satisfies the ITU-R requirements for being considered IMT-Advanced. To differentiate LTE Advanced and WiMAX-Advanced from current 4G technologies, ITU has defined the latter as "True 4G". == Overview == LTE stands for Long Term Evolution and is a registered trademark owned by ETSI (European Telecommunications Standards Institute) for the wireless data communications technology and development of the GSM/UMTS standards. However, other nations and companies do play an active role in the LTE project. The goal of LTE was to increase the capacity and speed of wireless data networks using new DSP (digital signal processing) techniques and modulations that were developed around the turn of the millennium. A further goal was the redesign and simplification of the network architecture to an IP-based system with significantly reduced transfer latency compared with the 3G architecture. The LTE wireless interface is incompatible with 2G and 3G networks, so it must be operated on a separate radio spectrum. The idea of LTE was first proposed in 1998, with the use of the COFDM radio access technique to replace the CDMA and studying its Terrestrial use in the L band at 1428 MHz (TE) In 2004 by Japan's NTT Docomo, with studies on the standard officially commenced in 2005. In May 2007, the LTE/SAE Trial Initiative (LSTI) alliance was founded as a global collaboration between vendors and operators with the goal of verifying and promoting the new standard to ensure the global introduction of the technology as quickly as possible. The LTE standard was finalized in December 2008, and the first publicly available LTE service was launched by TeliaSonera in Oslo and Stockholm on December 14, 2009, as a data connection with a USB modem. The LTE services were launched by major North American carriers as well, with the Samsung SCH-r900 being the world's first LTE Mobile phone starting on September 21, 2010, and Samsung Galaxy Indulge being the world's first LTE smartphone starting on February 10, 2011, both offered by MetroPCS, and the HTC ThunderBolt offered by Verizon starting on March 17 being the second LTE smartphone to be sold commercially. In Canada, Rogers Wireless was the first to launch LTE network on July 7, 2011, offering the Sierra Wireless AirCard 313U USB mobile broadband modem, known as the "LTE Rocket stick" then followed closely by mobile devices from both HTC and Samsung. Initially, CDMA operators planned to upgrade to rival standards called UMB and WiMAX, but major CDMA operators (such as Verizon, Sprint and MetroPCS in the United States, Bell and Telus in Canada, au by KDDI in Japan, SK Telecom in South Korea and China Telecom/China Unicom in China) have announced instead they intend to migrate to LTE. The next version of LTE is LTE Advanced, which was standardized in March 2011. Services commenced in 2013. Additional evolution known as LTE Advanced Pro was approved in 2015. The LTE specification provides downlink peak rates of 300 Mbit/s, uplink peak rates of 75 Mbit/s, and QoS provisions permitting a transfer latency of less than 5 ms in the radio access network. LTE has the ability to manage fast-moving mobiles and supports multicast and broadcast streams. LTE supports scalable carrier bandwidths, from 1.4 MHz to 20 MHz and supports both frequency division duplexing (FDD) and time-division duplexing (TDD). The IP-based network architecture, called the Evolved Packet Core (EPC) designed to replace the GPRS Core Network, supports seamless handovers for both voice and data to cell towers with older network technology such as GSM, UMTS and CDMA2000. The simpler architecture results in lower operating costs (for example, each E-UTRA cell will support up to four times the data and voice capacity supported by HSPA). Because LTE frequencies and bands differ from country to country, only multi-band phones can use LTE in all countries where it is supported. == History == === 3GPP standard development timeline === In 2004, NTT Docomo of Japan proposes LTE as the international standard. In September 2006, Siemens Networks (today Nokia Networks) showed in collaboration with Nomor Research the first live emulation of an LTE network to the media and investors. As live applications, two users streaming an HDTV video in the downlink and playing an interactive game in the uplink have been demonstrated. In February 2007, Ericsson demonstrated for the first time in the world, LTE with bit rates up to 144 Mbit/s In September 2007, NTT Docomo demonstrated LTE data rates of 200 Mbit/s with power level below 100 mW during the test. In November 2007, Infineon presented the world's first RF transceiver named SMARTi LTE, supporting LTE functionality in a single-chip RF silicon processed in CMOS In early 2008, LTE test equipment began shipping from several vendors and at the Mobile World Congress 2008 in Barcelona, Ericsson demonstrated the world's first end-to-end mobile call enabled by LTE on a small handheld device. Motorola demonstrated an LTE RAN (Radio Access Network) standard compliant eNodeB and LTE chipset at the same event. At the February 2008 Mobile World Congress: Motorola demonstrated how LTE can accelerate the delivery of personal media experience with HD video demo streaming, HD video blogging, online gaming, and VoIP over LTE running a RAN standard-compliant LTE network & LTE chipset. Ericsson EMP (later ST-Ericsson) demonstrated the world's first end-to-end LTE call on handheld Ericsson demonstrated LTE FDD and TDD mode on the same base station platform. Freescale Semiconductor demonstrated streaming HD video with peak data rates of 96 Mbit/s downlink and 86 Mbit/s uplink. NXP Semiconductors (later part of ST-Ericsson) demonstrated a multi-mode LTE modem as the basis for a software-defined radio system for use in cellphones. picoChip and Mimoon demonstrated a base station reference design. This runs on a common hardware platform (multi-mode / software-defined radio) with their WiMAX architecture. In April 2008, Motorola demonstrated the first EV-DO to LTE hand-off handling over streaming a video from LTE to a commercial EV-DO network and back to LTE. In April 2008, LG Electronics and Nortel demonstrated LTE data rates of 50 Mbit/s while travelling at 110 km/h (68 mph). In November 2008, Motorola demonstrated industry first over-the-air LTE session in 700 MHz spectrum. Researchers at Nokia Siemens Networks and Heinrich Hertz Institut have demonstrated LTE with 100 Mbit/s Uplink transfer speeds. At the February 2009 Mobile World Congress: Infineon demonstrated a single-chip 65 nm CMOS RF transceiver providing 2G/3G/LTE functionality Launch of ng Connect program, a multi-industry consortium founded by Alcatel-Lucent to identify and develop wireless broadband applications. Motorola provided LTE drive tour on the streets of Barcelona to demonstrate LTE system performance in a real-life metropolitan RF environment In July 2009, Nujira demonstrated efficiencies of more than 60% for an 880 MHz LTE Power Amplifier In August 2009, Nortel and LG Electronics demonstrated the first successful handoff between CDMA and LTE networks in a standards-compliant manner In August 2009, Alcatel-Lucent receives FCC certification for LTE base stations for the 700 MHz spectrum band. In September 2009, Nokia Siemens Networks demonstrated the world's first LTE call on standards-compliant commercial software. In October 2009, Ericsson and Samsung demonstrated interoperability between the first ever commercial LTE device and the live network in

Patch management

Patch management (or patch management policy or patch policy or patch management process) is concerned with the identification, acquisition, distribution, testing and installation of patches to systems. Proper patch management can be a net productivity boost for an organization. Patches can be used to defend against and eliminate potential vulnerabilities of a system, so that no threats may exploit them. Problems can arise during patch management, including buggy patches that either fail to fix their problem or introduce new issues. Patch management tools help orchestrate all of the procedures involved in patch management. == Description == Patch management is defined as a sub-practice of various disciplines including vulnerability management (part of security management), lifecycle management (with further possible sub-classification into application lifecycle management and release management), change management, and systems management. The practice is broadly concerned with the identification, acquisition, distribution, and installation of patches to systems. Some definitions of patch management are as a software-level practice, while others are as a systems-level process: software, drivers, and firmware. == Cost–benefit analysis == While reserving time for patching takes up enterprise resources, there are balancing factors which can make proper patch management into a net productivity boost for an organization. Up-to-date systems often perform more efficiently, less costly, with less errors, less security risks, and better user workflow. Additionally, compliance with changing local and federal regulations are more likely to be satisfied. Patching security vulnerabilities has been one among many competing priorities for organizations, leading to longer periods before patching for some organizations. Equifax was too slow to implement its 2015 patch management plan to be able to mitigate or prevent the 2017 Equifax data breach, leading to scrutiny from regulators. == Relation to security management == Patches can be used to defend against and eliminate potential vulnerabilities of a system, so that no threats may exploit them; therefore, patch management can be considered a sub-discipline of vulnerability management. Every patchable device in a system presents an attack surface that must be secured. === Time plan === Automatic updates are where the patch is applied automatically with little to know actions or planning required. This approach is recommended for many individuals and organizations. Some organizations also have to prioritize which patches to prioritize given limited resources. Patch Tuesday is the most common process when major companies like Microsoft and Adobe release patches on a known date so that companies can plan resources around implementing the patches more quickly. Linux is open-sourced and patches can be released at any time, leading some to rely on mailing lists or other ways to be alerted to updates. === Inventory === Taking an inventory of software and hardware, including versions can make it easier to correlate with bugs or patches as they become known. Taking stock of how much education and support others in an organization need to install their patches can also help for planning how to implement the patch or design systems to begin with. Streamlining the process by using tools that can communicate with each other can also help to reduce the time of exposure to known vulnerabilities. == Challenges == There are a multitude of problems that can arise during patch management. A common issue is buggy patches, which either fail to fix their problem or introduce new issues. Another issue is deployment synchronization, since various subsystems may receive instructions to update at different times. Similarly, the difficulty of patch management across many devices may grow at an uncontrollable rate depending on organizational size. One prominent demonstration of the challenges facing proper patch management was the buggy Falcon Sensor patch by CrowdStrike which caused one of the worst IT outages of all time. == Implementations == A patch management tool (alternatively patch manager, patch management system, patch management software, or centralized patch management) help orchestrate all of the procedures involved in patch management. Tools can be in-house (applied locally by local administrators), or external, as with managed service providers (applied externally by a provider). === Patch management software === Windows Update for Business, System Center Configuration Manager, and Windows Server Update Services offer control over patch deployment, with features enabling testing, scheduling updates, and setting custom configurations on Windows platforms. === Managed service providers === == Regulatory requirements (United States) == Timely patching of software vulnerabilities is a requirement under multiple regulatory frameworks in the United States. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires covered entities to protect electronic protected health information by implementing security measures sufficient to reduce risks to a reasonable and appropriate level, which industry guidance has long interpreted to include timely patch management. A proposed new HIPAA Security Rule would make patch management requirements explicit, mandating that covered entities and business associates deploy security patches and updates within a defined risk-based timeline and maintain written procedures for prioritizing, testing, and applying patches to systems that store, process, or transmit ePHI. The 2025 proposal continues to receive industry pushback as of December 2025. HIPAA was last updated in 2013. The Payment Card Industry Data Security Standard (PCI DSS) requires organizations to protect system components from known vulnerabilities by installing applicable security patches within one month of release for critical patches. The Cybersecurity and Infrastructure Security Agency (CISA) maintains a Known Exploited Vulnerabilities (KEV) catalog that compels U.S. federal agencies to remediate listed vulnerabilities within specified timelines. Agencies are typically required to patch within 3 weeks, though some vulnerabilities must be fixed within 24 hours.

Bridgefy

Bridgefy is a Mexican software company with offices in Mexico and California, the United States, dedicated to developing mesh-networking technology for mobile apps. It was founded circa 2014 by Jorge Rios, Roberto Betancourt and Diego Garcia who conceived the idea while participating in a tech competition called StartupBus. Bridgefy's smartphone ad hoc network technology, apparently using Bluetooth Mesh, is licensed to other apps. The app gained popularity during protests in different countries since it can operate without Internet, using Bluetooth instead. Aware of the security issues of not using cryptography and the criticism surrounding it, Bridgefy announced in late October 2020 that they adopted the Signal protocol, in both their app and SDK, to keep information private, though security researchers have demonstrated that Bridgefy's usage of the Signal Protocol is insecure. == Usage == The app gained popularity as a communication tactic during the 2019–2020 Hong Kong protests and Citizenship Amendment Act protests in India, because it requires people who want to intercept the message to be physically close because of Bluetooth's limited range, and the ability to daisy-chain devices to send messages further than Bluetooth's range. == Security == In August 2020, researchers published a paper describing numerous attacks against the application, which allow de-anonymizing users, building social graphs of users’ interactions (both in real time and after the fact), decrypting and reading direct messages, impersonating users to anyone else on the network, completely shutting down the network, performing active man-in-the-middle attacks to read messages and even modify them. In response to the disclosures, developers acknowledged that "no part of the Bridgefy app is encrypted now" and gave a vague promise to release a new version "encrypted with top security protocols". Later developers said they plan to switch to Signal Protocol, which is widely recognized by cryptographers and used by Signal and WhatsApp. The Signal Protocol was integrated into the Bridgefy app and SDK by late October 2020, with the developers claiming to have included improvements such as the impossibility of a third person impersonating any other user, man-in-the-middle attacks done by modifying stored keys, and historical proximity tracking, among others. However, in 2022, the same security researchers, now including Kenny Paterson, published a paper describing how Bridgefy's usage of the Signal Protocol was incorrect, failing to remedy the previously discovered issues. The researchers performed a demonstration, showing that it was possible for users to intercept messages intended for others without the sender noticing. The researchers disclosed the vulnerabilities to the developers of Bridgefy in August 2021, but, according to the researchers, the developers had yet to resolve the issues as of June 2022. On July 31, 2023, the security firm 7asecurity released a blog post and pentest report of a white box penetration test and overall security review of the Bridgefy app in collaboration with the platform's developers. Their review, which began in November 2022 and concluded in May 2023, identified multiple critical vulnerabilities throughout the application. Many of the issues were fixed, or partially fixed, before the end of the audit, including user impersonation and biometric bypass. Bridgefy also published a blog post on August 8, 2023, announcing the audit results.