Prioritising vulnerabilities using ANP and evaluating their optimal discovery and patch release time (Q2205031)

From MaRDI portal
Revision as of 09:16, 30 July 2024 by Openalex240730090724 (talk | contribs) (Set OpenAlex properties.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
scientific article
Language Label Description Also known as
English
Prioritising vulnerabilities using ANP and evaluating their optimal discovery and patch release time
scientific article

    Statements

    Prioritising vulnerabilities using ANP and evaluating their optimal discovery and patch release time (English)
    0 references
    0 references
    0 references
    0 references
    0 references
    20 October 2020
    0 references
    Summary: Method for filtering and identifying a vulnerability class that has high probability of occurrence is needed by organisations to patch their software in a timely manner. In this paper, our first step is to filter the most frequently observed vulnerability type/class through a multi-criteria decision making that involves dependency among various criteria and feedback from various alternatives, known as analytic network process. We will also formulate a cost model to provide a solution to the developers facing high revenue debt because of the occurrence of highly exploited vulnerabilities belonging to the filtered group. The main aim of formulating the cost model is to evaluate the optimal discovery and patch release time such that the total developer's cost could be minimised subject to risk constraints. To illustrate the proposed approach, reported vulnerabilities of Google Chrome with high exploitability have been examined at its source level.
    0 references
    vulnerability
    0 references
    multi-criteria decision making
    0 references
    analytical network process
    0 references
    optimisation
    0 references
    patches
    0 references

    Identifiers