Assessment of Software Vulnerabilities using Best-Worst Method and Two-Way Analysis
Amity Institute of Information Technology, Amity University, Noida, Uttar-Pradesh, India.
P. K. Kapur
Amity Center for Inter-Disciplinary Research, Amity University, Noida, Uttar-Pradesh, India.
Amity International Business School, Amity University, Noida, Uttar-Pradesh, India.
Sunil Kumar Khatri
Amity University, Tashkent Campus, Tashkent, Uzbekistan.
Received on March 21, 2019
Accepted on August 21, 2019
Software is one of the most essential parts of today's world, required in every industry, be it automotive, avionics, telecommunication, banking, pharmaceuticals and many more. Software systems are generally complex and are written by many different programmers. A mistake made by a programmer during the development stage of a software product can leave loopholes that become vulnerabilities. A vulnerability is a software flaw that an attacker can exploit to conduct unlawful activities within a computer system. Despite the understanding of vulnerabilities in academia and industry, the number of vulnerabilities is growing exponentially as new features are added to software frequently. Developers and testers are faced with the challenge of fixing large numbers of vulnerabilities within limited resources and time. Thus, prioritizing software vulnerabilities is essential to reduce the consumption of corporate assets and time, which is the motivation behind the present study. In the present paper, the issue of software vulnerability prioritization is addressed by utilizing a new multi-criteria decision-making (MCDM) technique known as the Best-Worst Method (BWM). Further, to assess the vulnerabilities in terms of their criticality, we have applied the two-way assessment technique. The BWM utilizes two pairwise comparison vectors to determine the weights of the criteria. The two-way assessment framework takes into account the perspectives of both managers/developers and stakeholders/testers to highlight the severity of software vulnerabilities. This can act as a significant measure of efficiency and effectiveness for the prioritization and evaluation of vulnerabilities. The findings are validated with a software testing firm from North India.
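As an added illustration (not part of the original abstract), the two comparison vectors the abstract refers to and the optimisation that turns them into criteria weights, in the standard best-worst method formulation, followed by a small constructed instance:

Let the criteria be $c_1, \dots, c_n$, with $c_B$ the best (most important) and $c_W$ the worst (least important) criterion chosen by the decision maker. The Best-to-Others vector $A_B = (a_{B1}, \dots, a_{Bn})$ records the preference of $c_B$ over each $c_j$ on a 1-9 scale ($a_{BB} = 1$), and the Others-to-Worst vector $A_W = (a_{1W}, \dots, a_{nW})$ records the preference of each $c_j$ over $c_W$ ($a_{WW} = 1$). The weights $w_1, \dots, w_n$ are those that make the weight ratios match the two vectors as closely as possible:

$$
\min_{w,\,\xi} \; \xi \quad \text{s.t.} \quad \left| \frac{w_B}{w_j} - a_{Bj} \right| \le \xi, \quad \left| \frac{w_j}{w_W} - a_{jW} \right| \le \xi \quad \forall j, \qquad \sum_{j=1}^{n} w_j = 1, \quad w_j \ge 0 .
$$

The optimal $\xi^{*}$ measures how inconsistent the two vectors are. When $a_{Bj}\, a_{jW} = a_{BW}$ for every $j$ the comparisons are fully consistent, $\xi^{*} = 0$, and the weights follow in closed form:

$$
w_j = \frac{w_B}{a_{Bj}}, \qquad w_B = \left( \sum_{j=1}^{n} \frac{1}{a_{Bj}} \right)^{-1} .
$$

Constructed instance (assumed values, not from the paper): $n = 3$, $c_B = c_1$, $c_W = c_3$, $A_B = (1, 2, 4)$, $A_W = (4, 2, 1)$. Here $a_{BW} = 4$ and $a_{Bj}\, a_{jW} = 4$ for $j = 1, 2, 3$, so the vectors are consistent and

$$
w_B = \frac{1}{1 + \tfrac{1}{2} + \tfrac{1}{4}} = \frac{4}{7}, \qquad (w_1, w_2, w_3) = \left( \frac{4}{7}, \frac{2}{7}, \frac{1}{7} \right), \qquad \xi^{*} = 0 ,
$$

which satisfies every constraint exactly: $w_1/w_2 = 2$, $w_1/w_3 = 4$, $w_2/w_3 = 2$ and $\sum_j w_j = 1$. For inconsistent vectors the first model is solved numerically and $\xi^{*} > 0$.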
Keywords: Software vulnerability, Multi-criteria decision making (MCDM), Best-worst method (BWM), Two-way assessment technique.
Anjum, M., Kapur, P. K., Agarwal, V., & Khatri, S. K. (2020). Assessment of Software Vulnerabilities using Best-Worst Method and Two-Way Analysis. International Journal of Mathematical, Engineering and Management Sciences, 5(2), 328-342. https://doi.org/10.33889/IJMEMS.2020.5.2.027.
Conflict of Interest
The authors confirm that there is no conflict of interest for this publication.
The authors would like to express their sincere thanks to the editor and anonymous reviewers for their time and valuable suggestions.