Prioritizing Vulnerabilities using ANP and Evaluating their Optimal Discovery and Patch Release Time
Amity Institute of Information Technology, Amity University.
Amity Center for Interdisciplinary Research, Amity University.
Luleå University of Technology, Department of Civil, Environmental and Natural Resources Engineering, Operation, Maintenance and Acoustics.
Amity Institute of Information Technology, Amity University.
2017 (English). In: International Journal of Mathematics in Operational Research (IJMOR), ISSN 1757-5850, E-ISSN 1757-5869. Article in journal (Refereed). Status: Accepted.
Abstract [en]

Risk assessment and management are actions that software-developing organizations must perform to ensure the continuity of a product when vulnerabilities occur. Clustering vulnerabilities by their behaviour and properties is one approach taken by experts, as in the Common Weakness Enumeration, which provides a hierarchy of weaknesses. Vulnerability classification alone, however, does not give developers a solution, because they still cannot decide which vulnerability class should be tackled first. An organization therefore needs a method for filtering and identifying the vulnerability class whose occurrence potential is high, so that it can patch its software in a timely manner. In this paper, our first step is to filter the most frequently observed vulnerability type/class through a multi-criteria decision-making method that accounts for dependency among the criteria and feedback from the alternatives, the analytic network process (ANP). We also formulate a cost model to support developers facing high revenue loss because of highly exploited vulnerabilities belonging to the filtered class. The cost model covers the cost of identifying vulnerabilities, patching them, testing the patches and mitigating risk. Its main aim is to evaluate the optimal discovery and patch release times that minimize the developer's total cost subject to risk constraints. To illustrate the proposed approach, reported Google Chrome vulnerabilities with high exploitability potential are examined at the source level.
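The abstract names the analytic network process but does not give the paper's criteria, judgements or supermatrix. The block below is an added illustration, not code from the paper or its authors: a minimal ANP ranking of three hypothetical vulnerability classes under three hypothetical criteria (frequency, exploitability, impact), with inner dependence among the criteria and feedback from the alternatives back to the criteria, which is what distinguishes ANP from a plain AHP hierarchy. Every pairwise judgement, dependence vector and cluster weight is constructed for the example; the consistency-ratio check uses Saaty's random index table.

```python
"""ANP-style prioritisation of vulnerability classes (constructed illustration)."""
import math
from typing import Dict, List, Tuple

# Hypothetical criteria and CWE-style classes; not the paper's own.
CRITERIA = ["frequency", "exploitability", "impact"]
CLASSES = ["memory-safety", "input-validation", "authentication"]
NODES = CRITERIA + CLASSES

# Saaty's random consistency index for matrices of order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}


def priority_vector(pairwise: List[List[float]]) -> List[float]:
    """Priorities of a reciprocal pairwise-comparison matrix: normalised row
    geometric means, a standard approximation of the principal eigenvector."""
    n = len(pairwise)
    gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(pairwise: List[List[float]]) -> float:
    """Saaty consistency ratio; judgements with CR > 0.1 should be revisited."""
    n = len(pairwise)
    if n < 3:
        return 0.0
    w = priority_vector(pairwise)
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n
    return ((lam_max - n) / (n - 1)) / RANDOM_INDEX[n]


def weighted_supermatrix(columns: Dict[str, Dict[str, float]],
                         cluster_weights: Dict[str, Dict[str, float]]) -> List[List[float]]:
    """columns[c][r] is the priority of node r with respect to node c (each
    non-empty block of a column sums to 1). Blocks are scaled by cluster weights
    so that every column of the weighted supermatrix sums to 1."""
    n = len(NODES)
    idx = {name: k for k, name in enumerate(NODES)}
    cluster_of = {**{c: "criteria" for c in CRITERIA}, **{a: "classes" for a in CLASSES}}
    w = [[0.0] * n for _ in range(n)]
    for col, rows in columns.items():
        for row, p in rows.items():
            w[idx[row]][idx[col]] = p * cluster_weights[cluster_of[col]][cluster_of[row]]
    return w


def matmul(a: List[List[float]], b: List[List[float]]) -> List[List[float]]:
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)] for i in range(n)]


def limit_priorities(w: List[List[float]], tol: float = 1e-9, max_iter: int = 100) -> List[float]:
    """Square the supermatrix repeatedly until all columns agree; any column of
    the limit matrix then holds the limiting priorities of all nodes."""
    n = len(w)
    m = w
    for _ in range(max_iter):
        m = matmul(m, m)
        if max(abs(m[i][j] - m[i][0]) for i in range(n) for j in range(n)) < tol:
            break
    return [m[i][0] for i in range(n)]


def example_supermatrix() -> List[List[float]]:
    # Constructed judgements of the classes under each criterion (Saaty 1-9 scale).
    judgements = {
        "frequency":      [[1, 3, 5], [1 / 3, 1, 2], [1 / 5, 1 / 2, 1]],
        "exploitability": [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]],
        "impact":         [[1, 1 / 2, 3], [2, 1, 4], [1 / 3, 1 / 4, 1]],
    }
    columns: Dict[str, Dict[str, float]] = {}
    for crit, m in judgements.items():
        cr = consistency_ratio(m)
        if cr > 0.1:
            raise ValueError(f"inconsistent judgements under {crit}: CR={cr:.2f}")
        columns[crit] = dict(zip(CLASSES, priority_vector(m)))
    # Inner dependence: how strongly each criterion is driven by the others (constructed).
    columns["frequency"].update({"exploitability": 0.5, "impact": 0.5})
    columns["exploitability"].update({"frequency": 0.6, "impact": 0.4})
    columns["impact"].update({"frequency": 0.3, "exploitability": 0.7})
    # Feedback: importance of the criteria with respect to each class (constructed).
    columns["memory-safety"] = {"frequency": 0.3, "exploitability": 0.5, "impact": 0.2}
    columns["input-validation"] = {"frequency": 0.5, "exploitability": 0.3, "impact": 0.2}
    columns["authentication"] = {"frequency": 0.2, "exploitability": 0.3, "impact": 0.5}
    cluster_weights = {"criteria": {"criteria": 0.3, "classes": 0.7},
                       "classes": {"criteria": 1.0, "classes": 0.0}}
    return weighted_supermatrix(columns, cluster_weights)


def rank_classes() -> List[Tuple[str, float]]:
    """Classes ordered by limiting priority, renormalised within the class cluster."""
    lim = limit_priorities(example_supermatrix())
    scores = {a: lim[NODES.index(a)] for a in CLASSES}
    total = sum(scores.values())
    return sorted(((a, s / total) for a, s in scores.items()), key=lambda x: -x[1])


if __name__ == "__main__":
    for name, score in rank_classes():
        print(f"{name:18s} {score:.3f}")
```

The top-ranked class is the one the abstract's cost model would then be applied to. The inner-dependence block also makes the supermatrix aperiodic; without it the criteria/alternatives structure is bipartite and raising the matrix to powers oscillates instead of converging, which is the usual practical pitfall when implementing ANP from a textbook description.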

Place, publisher, year, edition, pages
2017.
National Category
Other Civil Engineering
Research subject
Operation and Maintenance
Identifiers
URN: urn:nbn:se:ltu:diva-66589
OAI: oai:DiVA.org:ltu-66589
DiVA: diva2:1157134
Available from: 2017-11-15 Created: 2017-11-15 Last updated: 2017-11-24

Open Access in DiVA: No full text
Author/editor: Kumar, Uday
Organisation: Operation, Maintenance and Acoustics