Textural relations, thermobarometry and petrogenetic grid considerations in the syn-tectonic granitoid massif and the enveloping metasedimentary gneisses at Salur are consistent with a counter-clockwise P-T-t path for the rocks. The low-P/high-T prograde sector is documented by the pre- to syn-D1 cordierite±orthopyroxene±garnet±spinel-bearing metatexite leucosomes in metapelites. Heating and loading of the rocks (syn- to post-D1) resulted in the formation of garnet+orthopyroxene±cordierite-bearing diatexites, and decomposition of cordierite in metatexite leucosomes to orthopyroxene+sillimanite+biotite+quartz symplectites. Near-peak temperature, 850°C at 8.0 kbar, was reached syn- to post-D2. Post-peak cooling resulted in the stabilization of coronal grossular and anorthite+calcite symplectites at the expense of scapolite+wollastonite+calcite assemblages in calcsilicate gneisses, and the resetting of cation exchange temperatures at 700-750°C. Near-isothermal decompression at c. 700-750°C is manifested by the decomposition of garnet porphyroblasts in the granitoid gneisses to plagioclase+orthopyroxene/ilmenite/biotite two-phase coronas and restabilization of cordierite at garnet margins in metapelites. Subsequent low-P, near-isobaric cooling led to the overprinting of granulite facies assemblages by muscovite+calcite assemblages, and further resetting of cation exchange thermometers to lower temperatures c. 600°C. The tectonothermal evolution of the Salur gneiss complex vis-a-vis the Eastern Ghats Belt is therefore consistent with high degrees of lower crustal melting, followed by prograde heating of the cover rocks due to magma invasion synchronous with crustal compression, and finally thermal relaxation over a protracted period punctuated by tectonic/erosional denudation of the thickened crust.
Purpose
Malicious attackers frequently breach information systems by exploiting disclosed software vulnerabilities. Knowledge of these vulnerabilities over time is essential to decide the use of software products by organisations. The purpose of this paper is to propose a novel G-RAM framework for business organisations to assess and mitigate risks arising out of software vulnerabilities.
Design/methodology/approach
The G-RAM risk assessment module uses GARCH to model vulnerability growth. Using 16 years of data (1999-2016) from the National Vulnerability Database, the authors estimate the model parameters and validate the prediction accuracy. Next, the G-RAM risk mitigation module designs an optimal software portfolio using Markowitz’s mean-variance optimisation for a given IT budget and preference.
Findings
Based on an empirical analysis, this study establishes that vulnerability follows a non-linear, time-dependent, heteroskedastic growth pattern. Further, efficient software combinations are proposed that optimise correlated risk. The study also reports empirical evidence of a shift in the efficient frontier of software configurations with time.
Research limitations/implications
The existing assumption of independent and identically distributed residuals after vulnerability function fitting is incorrect. This study applies the GARCH technique to measure volatility clustering and mean reversal. The risk (or volatility), represented by the instantaneous variance, depends on the immediately previous variance as well as on the unconditional variance of the entire vulnerability growth process.
Practical implications
The volatility-based estimation of vulnerability growth is a risk assessment mechanism. Next, the portfolio analysis acts as a risk mitigation activity. Results from this study can decide the patch management cycle needed for each software product: individual or group patching. G-RAM also ranks the products into a 2×2 risk-return matrix to ensure that the correlated risk is diversified. Finally, the paper helps business firms decide what to purchase and what to avoid.
Originality/value
Contrary to the existing techniques which either analyse with statistical distributions or linear econometric methods, this study establishes that vulnerability growth follows a non-linear, time-dependent, heteroskedastic pattern. The paper also links software risk assessment to IT governance and strategic business objectives. To the authors’ knowledge, this is the first study in IT security to examine and forecast volatility, and further design risk-optimal software portfolios.
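The variance dependence described under "Research limitations/implications" can be written out as a GARCH(1,1) recursion with its multi-step forecast. This is an added example, not code or results from the paper. The (1,1) order, the parameter values, the use of demeaned log growth as residuals and the sample counts are all assumptions.

```python
import math

# Constructed sample: monthly disclosed-vulnerability counts for one
# hypothetical product (not NVD data).
SAMPLE_COUNTS = [12, 14, 13, 15, 31, 22, 24, 23, 25, 24, 26, 27]

def growth_residuals(counts):
    """Demeaned log growth rates, standing in for the fitted-model residuals."""
    growth = [math.log(b / a) for a, b in zip(counts, counts[1:])]
    mean = sum(growth) / len(growth)
    return [g - mean for g in growth]

def unconditional_variance(omega, alpha, beta):
    """Long-run variance omega / (1 - alpha - beta) of a stationary GARCH(1,1)."""
    if omega <= 0 or alpha < 0 or beta < 0 or alpha + beta >= 1:
        raise ValueError("need omega > 0, alpha >= 0, beta >= 0, alpha + beta < 1")
    return omega / (1.0 - alpha - beta)

def conditional_variances(residuals, omega, alpha, beta):
    """sigma2[t] = omega + alpha * e[t-1]**2 + beta * sigma2[t-1].

    Starts at the long-run level; the final element is the one-step-ahead
    forecast for the period after the last residual."""
    sigma2 = [unconditional_variance(omega, alpha, beta)]
    for e in residuals:
        sigma2.append(omega + alpha * e * e + beta * sigma2[-1])
    return sigma2

def forecast_variance(next_sigma2, omega, alpha, beta, horizon):
    """h-step forecasts decay geometrically back to the long-run variance."""
    v = unconditional_variance(omega, alpha, beta)
    return [v + (alpha + beta) ** (h - 1) * (next_sigma2 - v)
            for h in range(1, horizon + 1)]

if __name__ == "__main__":
    omega, alpha, beta = 0.002, 0.15, 0.80   # assumed, not estimated from data
    sigma2 = conditional_variances(growth_residuals(SAMPLE_COUNTS), omega, alpha, beta)
    for month, s2 in enumerate(sigma2):
        print(f"t={month:2d}  conditional variance={s2:.4f}")
    print("forecast:", [round(f, 4) for f in
                        forecast_variance(sigma2[-1], omega, alpha, beta, 6)])
```

The disclosure spike in the sample (15 to 31) raises the conditional variance for the following months, which is the volatility clustering an i.i.d. residual assumption would miss.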