Software Vulnerability Prioritization: A Comparative Study Using TOPSIS and VIKOR Techniques

Abstract

The ever-mounting existence of security vulnerabilities in a software is an inevitable challenge for organizations. Additionally, developers have to operate within limited budgets while meeting the deadlines. So they need to prioritize their vulnerability responses. In this paper, we propose an approach for vulnerability response prioritization using “closeness to the ideal” approach. We used TOPSIS and VIKOR method in this study. Both of these techniques employ an aggregating function to achieve the ranking of desired alternatives. VIKOR method determines a compromise solution on the basis of measure of closeness to a single ideal solution while TOPSIS method determines a feasible solution while taking into account the shortest distance from the positive ideal solution and the maximum distance from negative ideal solution. Both these methods share some significant similarities and differences. A comparative analysis of these two methods is done by applying them on real-life software vulnerability datasets for achieving vulnerability prioritization.