Prioritizing Types of Vulnerability on the Basis of their Severity in Multi-version Software Systems using DEMATEL Technique

2018 
Software vulnerabilities present a high risk to a software system’s security. Researchers have been working on reducing the risk posed by vulnerabilities before they are fixed. Prioritizing the fixing of these vulnerabilities on the basis of their criticality and severity is an important step in this direction. Vulnerabilities that occur repeatedly in consecutive versions and are interdependent seem to be highly critical. This paper focuses on types of vulnerabilities that are interdependent and recur in n-version software. Our aim is to propose a cause-effect diagram for vulnerability prioritization using a multi-criteria decision-making (MCDM) technique. The MCDM technique we use is DEMATEL (decision-making trial and evaluation laboratory), which prioritizes these interdependent vulnerabilities and expresses the cause-effect relationship among them as a diagram. Determining severity, prioritizing according to that severity measure, and proposing the cause-effect relationship obtained through DEMATEL seems to be a more practical approach and a better solution for prioritization.