
Prioritising vulnerabilities using ANP and evaluating their optimal discovery and patch release time

Yogita Kansal, P.K. Kapur, Uday Kumar and Deepak Kumar

International Journal of Mathematics in Operational Research, 2019, vol. 14, issue 2, 236-267

Abstract: A method for filtering and identifying a vulnerability class that has a high probability of occurrence is needed by organisations to patch their software in a timely manner. In this paper, our first step is to filter the most frequently observed vulnerability type/class through a multi-criteria decision-making method that involves dependency among various criteria and feedback from various alternatives, known as the analytic network process. We will also formulate a cost model to provide a solution to the developers facing high revenue debt because of the occurrence of highly exploited vulnerabilities belonging to the filtered group. The main aim of formulating the cost model is to evaluate the optimal discovery and patch release time such that the total developer's cost could be minimised subject to risk constraints. To illustrate the proposed approach, reported vulnerabilities of Google Chrome with high exploitability have been examined at its source level.

Keywords: vulnerability; multi criteria decision making; analytical network process; optimisation; patches.
Date: 2019

Downloads: (external link)
http://www.inderscience.com/link.php?id=97758 (text/html)
Access to full text is restricted to subscribers.


Persistent link: https://EconPapers.repec.org/RePEc:ids:ijmore:v:14:y:2019:i:2:p:236-267


More articles in International Journal of Mathematics in Operational Research from Inderscience Enterprises Ltd
Bibliographic data for series maintained by Sarah Parker.

 
Page updated 2025-03-19
Handle: RePEc:ids:ijmore:v:14:y:2019:i:2:p:236-267