“…Attack graphs are also being studied extensively and employed for the purpose of optimal selection of countermeasures, e.g., in [20], [29], [35], [37]. While the objects called attack graphs in [37] are essentially the same as the attack graphs of [1], and a reduced version of the latter, called vulnerability dependency graphs in [1] is used in [35], in each of the works [20], [29], [37] attack graphs are defined differently. Furthermore, each of them having different optimization goals, the optimization methods of [20], [29], [35], [37] require different input data.…”