Software updates are unavoidable, as software evolves with new features, improved performance, and error fixes. Important as they may be, software updates are also disruptive. In their simplest form, they require stopping and restarting the updated program; which disrupt users and results in loss of non-persistent state (e.g., contents of memory and active network connections). Furthermore, updates may fail and leave the updated software unable to run again, as happened recently to a Windows 10 update. Unfortunately, ignoring updates is not an acceptable alternative. If not fixed in a timely manner, known software errors may result in exploitable vulnerabilities, as happened recently in to Equifax.

Operators are thus left with a hard decision:  To update now, disrupting users and risking not being able to resume service after the update; or to update later, and risk a potential attack. Developers, on the other hand, treat each version in isolation. They use sophisticated tools and techniques to ensure the quality of the resulting software, testing and validating each feature of each version. However, developers lack tools and techniques to reason about more than one version, and to treat software updates as any other first-class program feature. This leads to an update gap that separates operators from developers with regards to software updates.

In this talk, I describe how to bridge the update gap, focusing on my previous work on Dynamic Software Updating (DSU) as the building block to this ambitious goal. I also present recent work on making DSU reliable, even in the presence of update errors; and my vision to use a similar approach to improve the reliability of existing systems built with unreliable tools and languages.