Vulnerability Patch Modeling

Kansal, Yogita; Kumar, Deepak; Kapur, P. K.

doi:10.1142/s0218539316400131

Cited by 11 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 2) used only the patch score (i.e., the score is calculated by weighting the selected criteria in the context of the organization for each vulnerability) to determine the patch order. We discovered our method in [5] needs improvement because historical data and practical experience are the inevitable factors to increase the success rate of patch [28]. We also learned from the practical experience shared in the patch management community of experts 3 , some patch failures could be avoided by prioritization (e.g., patching a microcode vulnerability in Ubuntu requires the kernel to be patched in advance; otherwise, the mitigation failed).…”

Section: Contributionmentioning

confidence: 99%

“…The Deploy patch process is iterated for each item (vulnerability) in the file until the stop signal is generated. ACVRM will stop patch execution if the acceptance rate of a failure [28] (i.e., the percentage of the unsuccessful patch accepted by security experts in the organization) is exceeded. The default acceptance rate in our design is up to 10% failure of patches in patch_prioritization.json for each host.…”

Section: Design and Implementationmentioning

confidence: 99%

See 1 more Smart Citation

Automated Patch Management: An Empirical Evaluation Study

Mehri,

Arlos,

Casalicchio

2023

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

Vulnerability patch management is one of IT organizations' most complex issues due to the increasing number of publicly known vulnerabilities and explicit patch deadlines for compliance. Patch management requires human involvement in testing, deploying, and verifying the patch and its potential side effects. Hence, there is a need to automate the patch management procedure to keep the patch deadline with a limited number of available experts. This study proposed and implemented an automated patch management procedure to address mentioned challenges. The method also includes logic to automatically handle errors that might occur in patch deployment and verification. Moreover, the authors added an automated review step before patch management to adjust the patch prioritization list if multiple cumulative patches or dependencies are detected. The result indicated that our method reduced the need for human intervention, increased the ratio of successfully patched vulnerabilities, and decreased the execution time of vulnerability risk management.

show abstract

Section: Contributionmentioning

confidence: 99%

Section: Design and Implementationmentioning

confidence: 99%

Automated Patch Management: An Empirical Evaluation Study

Mehri,

Arlos,

Casalicchio

2023

2023 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

show abstract

“…We have proposed four models with different distributions as shown by Equations 11,12,15,and 16. It may be noted that…”

Section: Operational Coveragementioning

confidence: 99%

“…Beattie et al explored a mathematical model that optimizes the time to patch. Recently, Kansal et al proposed a cost framework to evaluate the optimal discovery and patch release time, but they have not evaluated the utility of the framework.…”

Section: Introductionmentioning

confidence: 99%

Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach

Kansal

Kapur

Kumar

2018

Quality & Reliability Eng

Self Cite

View full text Add to dashboard Cite

Software vulnerabilities trend over time has been proposed by various researchers and academicians in recent years. But none of them have considered operational coverage function in vulnerability discovery modeling. In this research paper, we have proposed a generalized statistical model that determines the relationship between operational coverage function and the number of expected vulnerabilities. During the operational phase, possible vulnerable sites are covered and vulnerabilities present at a particular site are discovered with some probability. We have assumed that the proposed model follows the nonhomogeneous Poisson process properties; thus, different distributions are used to formulate the model. The numerical illustration shows that the proposed model performs better and has the good fitness to the Google Chrome data. The second focus of this research paper is to evaluate the total cost incurred by the developer after software release and to identify the optimal vulnerability disclosure time through multiobjective utility function. The proposed vulnerability discovery helps in optimization. The optimal time problem depends on the combined effect of cost, risk, and effort.

show abstract

Two-Dimensional Vulnerability Patching Model

Kansal

Kapur

2018

System Performance and Management Analytics

View full text Add to dashboard Cite

Vulnerability Patch Modeling

Cited by 11 publications

References 7 publications

Automated Patch Management: An Empirical Evaluation Study

Automated Patch Management: An Empirical Evaluation Study

Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach

Two-Dimensional Vulnerability Patching Model

Contact Info

Product

Resources

About