Prioritising vulnerabilities using ANP and evaluating their optimal discovery and patch release time

Kansal, Yogita; Kapur, P. K.; Kumar, Uday; Kumar, Deepak

doi:10.1504/ijmor.2019.097758

Cited by 3 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A software cost model is formulated on the basis of some assumptions: The cost to disclose vulnerabilities is directly proportional to the number of vulnerabilities discovered at a particular time. The risk cost associated with the discovered vulnerabilities is an amount that a vendor has to pay each customer in terms of damage potential. The cost framework composes of the following: Cost of vulnerability disclosure: The vulnerability disclosure may generate high risk and exploitation to the system. During operational phase, if vulnerability is disclosed without any fix or patch, then the developers have to pay a penalty cost to their customers . The total amount of loss faced by developers is directly proportional to the number of vulnerabilities discovered.…”

Section: Utility Theory‐based Time Optimization and Cost Evaluationmentioning

confidence: 99%

“…During operational phase, if vulnerability is disclosed without any fix or patch, then the developers have to pay a penalty cost to their customers. 14,29 The total amount of loss faced by developers is directly proportional to the number of vulnerabilities discovered. Thus, the expected cost to disclose vulnerabilities by time t can be expressed as c 1 ⋅ Ω(t).…”

Section: The Risk Cost Associated With the Discovered Vulnera-mentioning

confidence: 99%

“…Beattie et al explored a mathematical model that optimizes the time to patch. Recently, Kansal et al proposed a cost framework to evaluate the optimal discovery and patch release time, but they have not evaluated the utility of the framework.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach

Kansal

Kapur

Kumar

2018

Quality & Reliability Eng

Self Cite

View full text Add to dashboard Cite

Software vulnerabilities trend over time has been proposed by various researchers and academicians in recent years. But none of them have considered operational coverage function in vulnerability discovery modeling. In this research paper, we have proposed a generalized statistical model that determines the relationship between operational coverage function and the number of expected vulnerabilities. During the operational phase, possible vulnerable sites are covered and vulnerabilities present at a particular site are discovered with some probability. We have assumed that the proposed model follows the nonhomogeneous Poisson process properties; thus, different distributions are used to formulate the model. The numerical illustration shows that the proposed model performs better and has the good fitness to the Google Chrome data. The second focus of this research paper is to evaluate the total cost incurred by the developer after software release and to identify the optimal vulnerability disclosure time through multiobjective utility function. The proposed vulnerability discovery helps in optimization. The optimal time problem depends on the combined effect of cost, risk, and effort.

show abstract

Section: Utility Theory‐based Time Optimization and Cost Evaluationmentioning

confidence: 99%

Section: The Risk Cost Associated With the Discovered Vulnera-mentioning

confidence: 99%

See 1 more Smart Citation

Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach

Kansal

Kapur

Kumar

2018

Quality & Reliability Eng

Self Cite

View full text Add to dashboard Cite

show abstract

A Framework for Prioritizing Software Vulnerabilities Using Fuzzy Best-Worst Method

Anjum

Kapur

Agarwal

et al. 2020

2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO)

View full text Add to dashboard Cite

Searching Deterministic Chaotic Properties in System-Wide Vulnerability Datasets

et al. 2021

View full text Add to dashboard Cite

Cybersecurity is a never-ending battle against attackers, who try to identify and exploit misconfigurations and software vulnerabilities before being patched. In this ongoing conflict, it is important to analyse the properties of the vulnerability time series to understand when information systems are more vulnerable. We study computer systems’ software vulnerabilities and probe the relevant National Vulnerability Database (NVD) time-series properties. More specifically, we show through an extensive experimental study based on the National Institute of Standards and Technology (NIST) database that the relevant systems software time series present significant chaotic properties. Moreover, by defining some systems based on open and closed source software, we compare their chaotic properties resulting in statistical conclusions. The contribution of this novel study is focused on the prepossessing stage of vulnerabilities time series forecasting. The strong evidence of their chaotic properties as derived by this research effort could lead to a deeper analysis to provide additional tools to their forecasting process.

show abstract

Prioritising vulnerabilities using ANP and evaluating their optimal discovery and patch release time

Cited by 3 publications

References 0 publications

Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach

Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach

A Framework for Prioritizing Software Vulnerabilities Using Fuzzy Best-Worst Method

Searching Deterministic Chaotic Properties in System-Wide Vulnerability Datasets

Contact Info

Product

Resources

About