Software is one of the most essential components of today's world, required in every industry: automotive, avionics, telecommunications, banking, pharmaceuticals and many more. Software systems are generally complex and are created by many different programmers. Any mistake a programmer makes while developing software can introduce a flaw that becomes a vulnerability. A vulnerability is a software flaw that an attacker can exploit to carry out unauthorized actions within a computer system. Despite the understanding of vulnerabilities in academia and industry, their number keeps growing rapidly as new features are added to software frequently. Developers and testers face the challenge of fixing large numbers of vulnerabilities with limited resources and time. Prioritizing software vulnerabilities is therefore essential to reduce the consumption of corporate assets and time, which is the motivation behind the present study. In this paper, the problem of software vulnerability prioritization is addressed using a recent multi-criteria decision-making (MCDM) technique, the Best Worst Method (BWM). Further, to assess how critical each vulnerability is, we apply a two-way assessment technique. The BWM uses two pairwise comparison vectors (best-to-others and others-to-worst) to determine the weights of the criteria. The two-way assessment framework takes into account the perspectives of both managers/developers and stakeholders/testers to highlight the severity of software vulnerabilities. This can serve as a meaningful measure of efficiency and effectiveness for the prioritization and evaluation of vulnerabilities. The findings are validated with a software testing firm in North India.
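As an added example (not the paper's code), the BWM weighting step in Python: four hypothetical prioritization criteria, the two judgment vectors the abstract refers to, the consistency check that tells an analyst whether the two vectors agree, and a search for the weights that minimize the largest ratio violation. Criteria names, judgment values and the pattern-search routine are assumptions for illustration; the original method solves a small optimization model, which the search here only approximates, so the returned deviation is an upper bound on the true optimum.

```python
"""Best Worst Method (BWM) weights for vulnerability-prioritization criteria.
Added illustration, not the paper's code; criteria, judgments and the
search routine are constructed assumptions."""

# Hypothetical criteria used to rank vulnerabilities.
CRITERIA = ["impact", "exploitability", "asset_criticality", "fix_effort"]
BEST, WORST = "impact", "fix_effort"

# Vector 1 (Best-to-Others): a_Bj = preference of the best criterion over j
# on a 1..9 scale.  Vector 2 (Others-to-Worst): a_jW = preference of j over
# the worst criterion.  Both constructed; this pair is fully consistent
# because a_Bj * a_jW == a_BW == 8 for every j.
BEST_TO_OTHERS = {"impact": 1, "exploitability": 2, "asset_criticality": 4, "fix_effort": 8}
OTHERS_TO_WORST = {"impact": 8, "exploitability": 4, "asset_criticality": 2, "fix_effort": 1}


def max_deviation(w, bo, ow, best, worst):
    """xi(w): largest violation of w_B/w_j = a_Bj and w_j/w_W = a_jW.
    BWM picks the weights that make this as small as possible."""
    return max(max(abs(w[best] / w[j] - bo[j]), abs(w[j] / w[worst] - ow[j]))
               for j in w)


def is_consistent(bo, ow, best, worst):
    """Judgments are fully consistent when a_Bj * a_jW == a_BW for all j;
    then xi* == 0 and the weights follow directly from one vector."""
    return ow[best] == bo[worst] and all(bo[j] * ow[j] == bo[worst] for j in bo)


def closed_form_weights(bo):
    """w_j proportional to 1/a_Bj, normalized to sum 1: exact for consistent
    judgments, otherwise just a starting point for the search."""
    inv = {j: 1.0 / a for j, a in bo.items()}
    total = sum(inv.values())
    return {j: v / total for j, v in inv.items()}


def bwm_weights(bo, ow, best, worst, tol=1e-7):
    """Minimize xi(w) over the simplex.  Rezaei's BWM solves this as a small
    optimization model; here a pattern search over pairwise weight transfers
    (an assumption, not the method's solver) approximates it, so the
    returned xi is an upper bound on the optimal xi*."""
    w = closed_form_weights(bo)
    xi = max_deviation(w, bo, ow, best, worst)
    names = list(w)
    step = 0.01
    while step > tol:
        improved = True
        while improved:
            improved = False
            for src in names:
                for dst in names:
                    if src == dst or w[src] - step <= 0:
                        continue
                    cand = dict(w)
                    cand[src] -= step          # move `step` of weight src -> dst
                    cand[dst] += step
                    xc = max_deviation(cand, bo, ow, best, worst)
                    if xc < xi - 1e-12:        # accept only strict improvements
                        w, xi, improved = cand, xc, True
        step /= 2
    return w, xi


if __name__ == "__main__":
    print("consistent:", is_consistent(BEST_TO_OTHERS, OTHERS_TO_WORST, BEST, WORST))
    w, xi = bwm_weights(BEST_TO_OTHERS, OTHERS_TO_WORST, BEST, WORST)
    print({k: round(v, 4) for k, v in w.items()}, "xi =", round(xi, 4))
    # Same judgments, but the analyst now rates exploitability 5x the worst
    # criterion while still rating impact 2x exploitability: inconsistent.
    ow2 = dict(OTHERS_TO_WORST, exploitability=5)
    print("consistent:", is_consistent(BEST_TO_OTHERS, ow2, BEST, WORST))
    w2, xi2 = bwm_weights(BEST_TO_OTHERS, ow2, BEST, WORST)
    print({k: round(v, 4) for k, v in w2.items()}, "xi =", round(xi2, 4))
```

With the consistent pair the search cannot improve on the closed form and reports xi = 0 with weights 8/15, 4/15, 2/15, 1/15. With the inconsistent pair no weight vector satisfies all five ratios, xi stays strictly positive, and the size of xi is what BWM uses to judge how far the analyst's two vectors disagree before the weights are trusted for ranking.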
Information systems are an integral part of every organization's critical resources, and defending them from attacks is an important responsibility of every organization in this digital world. Misuse of critical data systems causes serious difficulties for organizations, including loss of productivity, profits, business and credibility and, often, legal issues. This paper develops a framework for the optimal selection of vulnerabilities that have maximum severity and can be resolved in minimum time. An integrated framework involving the Analytic Hierarchy Process (AHP) and the entropy method is used to calculate the subjective and objective weights of software vulnerabilities. The severity of each vulnerability is then computed from the combined weights obtained from AHP and the entropy method. To select the most critical vulnerabilities, a bi-objective programming problem is formulated with the objectives of maximizing weight and minimizing time. The weighted goal programming approach is used to achieve a compromise between the conflicting objectives and to obtain a satisfactory solution to the bi-objective problem. The findings are tested with a software firm in the Delhi-National Capital Region.
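As an added example (not the authors' code), the AHP + entropy + goal-programming pipeline in Python, under the assumption that the weights are assigned to assessment criteria (CVSS base score, exploit availability, exposed hosts) and that fix time enters only as the second objective. All criteria, pairwise judgments and vulnerability data are constructed; the goal program is solved by subset enumeration, which is exact for a handful of findings but would be replaced by a solver at scale.

```python
"""Severity scoring and selection of software vulnerabilities: AHP gives
subjective weights, the entropy method objective weights, their product
the combined weight, and weighted goal programming trades total severity
against total fix time.  Added illustration of the framework the abstract
outlines, not the authors' code; criteria and all data are constructed."""
import math
from itertools import combinations

# Assumed criteria (higher = worse): CVSS base score, public exploit
# availability (0 / 0.5 / 1), number of exposed hosts.  Fix time is kept
# apart because it is the second objective, not a severity criterion.
CRITERIA = ["cvss", "exploit", "exposed_hosts"]
# Saaty's random consistency index RI for n = 1..9 criteria.
RI = [0.0, 0.0, 0.58, 0.90, 1.12, 1.24, 1.32, 1.41, 1.45]

# Constructed pairwise judgments of the criteria (CVSS 2x exploit
# availability, 4x exposure); this matrix is perfectly consistent.
PAIRWISE = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
VULNS = ["V1", "V2", "V3", "V4", "V5", "V6"]
MATRIX = [[9.8, 1.0, 120], [7.5, 0.0, 300], [5.3, 1.0, 15],
          [8.8, 0.5, 40], [6.1, 0.0, 500], [9.1, 0.0, 8]]   # rows follow VULNS
FIX_HOURS = [16, 4, 2, 8, 12, 24]                           # constructed effort


def ahp_weights(pairwise, iters=100):
    """Subjective weights: principal eigenvector of the comparison matrix by
    power iteration, plus Saaty's consistency ratio (CR > 0.1 means the
    judgments should be revisited before the weights are used)."""
    n = len(pairwise)
    w = [1.0 / n] * n
    for _ in range(iters + 1):
        aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(aw[i] / w[i] for i in range(n)) / n      # estimate of lambda_max
        w = [x / sum(aw) for x in aw]
    ci = (lam - n) / (n - 1)
    return w, (ci / RI[n - 1] if RI[n - 1] else 0.0)


def entropy_weights(matrix):
    """Objective weights: a criterion whose values vary more across the
    vulnerabilities carries more information and gets a larger weight."""
    m, n = len(matrix), len(matrix[0])
    k = 1.0 / math.log(m)
    d = []
    for j in range(n):
        tot = sum(row[j] for row in matrix)
        p = [row[j] / tot for row in matrix]
        e = -k * sum(pj * math.log(pj) for pj in p if pj > 0)   # entropy of column j
        d.append(1.0 - e)                                        # degree of diversity
    return [dj / sum(d) for dj in d]


def combined_weights(subj, obj):
    """Combined weight: normalized product of subjective and objective weights."""
    prod = [a * b for a, b in zip(subj, obj)]
    return [p / sum(prod) for p in prod]


def severity(matrix, weights):
    """Weighted sum of max-normalized criterion values, one score per row."""
    peaks = [max(row[j] for row in matrix) for j in range(len(weights))]
    return [sum(w * row[j] / peaks[j] for j, w in enumerate(weights)) for row in matrix]


def goal_programming_select(sev, hours, sev_goal, time_goal, alpha=0.5, beta=0.5):
    """Weighted goal programming, solved exactly by enumerating subsets (fine
    for a sprint's worth of findings).  Goal 1: selected severity reaches
    sev_goal; goal 2: selected fix time stays within time_goal.  Only the
    unwanted deviations (severity shortfall d1-, time overrun d2+) are
    penalized, each scaled by its goal and weighted by alpha / beta."""
    best, best_obj = (), float("inf")
    for r in range(len(sev) + 1):
        for sub in combinations(range(len(sev)), r):
            d1 = max(0.0, sev_goal - sum(sev[i] for i in sub))
            d2 = max(0.0, sum(hours[i] for i in sub) - time_goal)
            obj = alpha * d1 / sev_goal + beta * d2 / time_goal
            if obj < best_obj - 1e-12:
                best, best_obj = sub, obj
    return list(best), best_obj


def prioritize(time_goal=24.0, severity_share=0.8):
    """Full pipeline: AHP + entropy -> combined weights -> severity ranking ->
    goal-programming choice of what to fix within `time_goal` hours while
    aiming to cover `severity_share` of the total severity."""
    subj, cr = ahp_weights(PAIRWISE)
    w = combined_weights(subj, entropy_weights(MATRIX))
    sev = severity(MATRIX, w)
    order = sorted(range(len(VULNS)), key=lambda i: -sev[i])
    chosen, dev = goal_programming_select(sev, FIX_HOURS, severity_share * sum(sev), time_goal)
    return {"ahp": subj, "ahp_cr": cr, "combined": w, "severity": sev,
            "ranking": [VULNS[i] for i in order],
            "chosen": [VULNS[i] for i in chosen], "goal_deviation": dev}


if __name__ == "__main__":
    for key, val in prioritize().items():
        print(f"{key:>14}: {val}")
```

The entropy step is what keeps the analyst's AHP judgments honest: a criterion that barely differs across the findings (here CVSS, where every score is "high-ish") gets almost no objective weight however important the analyst rated it, so the combined weight is dominated by exploit availability and exposure. The goal-programming step then resolves the conflict the abstract describes: with a 24-hour budget it accepts a small time overrun to pull in one more high-severity item rather than dropping it.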