Abstract

Software is one of the most essential parts of today's world, required in every industry, be it automotive, avionics, telecommunication, banking, pharmaceutical and many more. Software systems are generally somewhat complicated and are created by different programmers. Usually, any mistake a programmer makes in the code during the development stage of the software can lead to loopholes that cause vulnerabilities. A vulnerability is a software flaw that an attacker can exploit to conduct unlawful activities within a computer system. Despite the understanding of vulnerabilities in academia and industry, the number of vulnerabilities is growing exponentially as new features are frequently added to software. Developers and testers face the challenge of fixing large numbers of vulnerabilities with limited resources and time. Prioritizing software vulnerabilities is therefore essential to reduce the usage of corporate assets and time, which is the motivation behind the present study. In the present paper, the issue of software vulnerability prioritization is addressed by utilizing a new multi-criterion decision-making (MCDM) technique known as the Best Worst method (BWM). Further, to assess the vulnerabilities in terms of their critical nature, we apply a two-way assessment technique. The BWM uses two pairwise comparison vectors to determine the weights of the criteria. The two-way assessment framework takes into account the perspectives of both managers/developers and stakeholders/testers to highlight the severity of software vulnerabilities. This can act as a significant measure of efficiency and effectiveness for the prioritization and evaluation of vulnerabilities. The findings are validated with a software testing firm from North India.

Highlights

  • The world as we know it today is progressing at a rapid pace in technology and complexity

  • The present study aims to understand the prioritization of vulnerabilities so that developers and testers know the order in which to fix them

  • A new multi-criterion decision-making (MCDM) technique known as the Best Worst method (BWM) was utilized to prioritize the vulnerabilities

Summary

Introduction

The world as we know it today is progressing at a rapid pace in technology and complexity. Whatever sector we look at, it is extremely dependent on computers for its fundamental functioning. This increasing dependence on computer systems has further highlighted the current security problems in the software world (Kapur et al., 2011). In 2017, the overall increase in reported vulnerabilities was 13%, and the vulnerabilities associated with Industrial Control Systems (ICS) increased 29%, compared to 2015 and 2016, according to the Symantec Internet Security Threat Report (US, 2018). These data breaches often exploit vulnerabilities in the software. There were 6,787 vulnerabilities disclosed in 2014, compared with 5,291 in 2013, according to the Symantec Internet Security Threat Report (US, 2013).
