ABSTRACT

Security vulnerability exploitations vary significantly between organisations, businesses and users, because each makes use of a different development model, so the vulnerabilities need to be handled separately. Measuring the impact of a vulnerability, estimating its probability and quantifying the resulting impacts is a challenging task; it is error-prone and involves collecting and mining data on attacks. Software vulnerability analysis can be carried out in qualitative and quantitative ways. The qualitative way focuses on the quality impact, prioritising the parameters and analysing their impact on the system; its main objective is to define the severity of software vulnerabilities. The quantitative way focuses on vulnerability response costs and the potential economic damage if a vulnerability is exploited; its main objective is to enable efficient prioritisation of security efforts and investments to mitigate the discovered vulnerabilities, thereby creating an opportunity to lower expected losses. Many criteria affecting a vulnerability can be used to assess the risks and benefits of security technologies, and these criteria need to be analysed for their cause. Each criterion can be evaluated for its probability of occurrence, the cost of handling it and its response impact. Higher-impact criteria can be handled quickly by interrupting execution; lower-impact criteria can be addressed within scheduled maintenance time plans without interrupting execution processes. Analysing multiple criteria saves time, cost and human intervention. Multi-criteria decision analysis (MCDA) methods can be used to prioritise the existing vulnerabilities within the target system. These prioritisation models need to be evaluated according to the availability, accuracy and meaningfulness of their estimates of costs and benefits. The total response cost of resolving all the vulnerabilities can be analysed using different techniques such as CVSS, CWS and AHP.
This chapter compares different techniques for resolving vulnerabilities in different situations. MCDM saves and sorts the list of criteria affecting the environment.
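As an added illustration of the AHP-style MCDA prioritisation the abstract describes (example code, not part of the chapter): the three criteria named above are weighted from a Saaty pairwise-comparison matrix, the matrix is checked for consistency, and each vulnerability's weighted score decides whether it is handled immediately by interrupting execution or deferred to scheduled maintenance. The pairwise judgements, the vulnerability list, the 0..1 criterion scores and the 0.7 threshold are constructed assumptions.

```python
# Added example: AHP weighting of the abstract's three criteria (probability of
# occurrence, cost of handling, response impact), followed by a weighted score per
# vulnerability and a split into "interrupt execution" vs "scheduled maintenance".
# All judgements, vulnerabilities and thresholds below are constructed sample data.

CRITERIA = ["probability", "cost", "impact"]

# Saaty-scale pairwise matrix: entry [i][j] = how much more important criterion i is
# than criterion j (constructed: impact dominates, handling cost matters least).
PAIRWISE = [
    [1.0, 2.0, 1 / 3],  # probability vs (probability, cost, impact)
    [1 / 2, 1.0, 1 / 5],  # cost
    [3.0, 5.0, 1.0],  # impact
]
RANDOM_INDEX = {3: 0.58}  # Saaty's random consistency index for a 3x3 matrix


def ahp_weights(matrix):
    """Approximate the principal eigenvector: normalise each column, average each row."""
    n = len(matrix)
    col_sums = [sum(matrix[i][j] for i in range(n)) for j in range(n)]
    return [sum(matrix[i][j] / col_sums[j] for j in range(n)) / n for i in range(n)]


def consistency_ratio(matrix, weights):
    """CR = CI / RI; judgements are conventionally accepted when CR < 0.1."""
    n = len(matrix)
    weighted = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(weighted[i] / weights[i] for i in range(n)) / n
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]


# Constructed vulnerabilities: (id, probability, handling cost, response impact), each 0..1.
SAMPLE_VULNS = [
    ("VULN-A", 0.9, 0.3, 0.9),
    ("VULN-B", 0.4, 0.8, 0.3),
    ("VULN-C", 0.7, 0.5, 0.6),
]


def prioritise(vulns, weights, interrupt_threshold=0.7):
    """Return (id, score, action) sorted by descending priority score.

    Cost is inverted (1 - cost) so that cheaper remediations rank higher; the threshold
    separates fixes that justify interrupting execution from scheduled-maintenance work.
    """
    w_prob, w_cost, w_impact = weights
    ranked = []
    for vid, prob, cost, impact in vulns:
        score = w_prob * prob + w_cost * (1 - cost) + w_impact * impact
        action = "interrupt execution" if score >= interrupt_threshold else "scheduled maintenance"
        ranked.append((vid, round(score, 3), action))
    return sorted(ranked, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    w = ahp_weights(PAIRWISE)
    print(dict(zip(CRITERIA, (round(x, 3) for x in w))), "CR =", round(consistency_ratio(PAIRWISE, w), 3))
    for row in prioritise(SAMPLE_VULNS, w):
        print(*row)
```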