Open Access

ARTICLE

Selecting Best Software Vulnerability Scanner Using Intuitionistic Fuzzy Set TOPSIS

Navneet Bhatt¹, Jasmine Kaur², Adarsh Anand², Omar H. Alhazmi^3,*

1 Anil Surendra Modi School of Commerce, Narsee Monjee Institute of Management Studies, Deemed to be University, Mumbai, 400056, India
2 Department of Operational Research, Faculty of Mathematical Sciences, University of Delhi, Delhi, 110007, India
3 Department of Computer Science, Taibah University, Medina, 30001, Saudi Arabia

* Corresponding Author: Omar H. Alhazmi. Email:

Computers, Materials & Continua 2022, 72(2), 3613-3629. https://doi.org/10.32604/cmc.2022.026554

Received 30 December 2021; Accepted 22 February 2022; Issue published 29 March 2022

Abstract

Software developers endeavor to build their products with the least number of bugs. Despite this, many vulnerabilities are detected in software that threatens its integrity. Various automated software i.e., vulnerability scanners, are available in the market which helps detect and manage vulnerabilities in a computer, application, or a network. Hence, the choice of an appropriate vulnerability scanner is crucial to ensure efficient vulnerability management. The current work serves a dual purpose, first, to identify the key factors which affect the vulnerability discovery process in a network. The second, is to rank the popular vulnerability scanners based on the identified attributes. This will aid the firm in determining the best scanner for them considering multiple aspects. The multi-criterion decision making based ranking approach has been discussed using the Intuitionistic Fuzzy set (IFS) and Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) to rank the various scanners. Using IFS TOPSIS, the opinion of a whole group could be simultaneously considered in the vulnerability scanner selection. In this study, five popular vulnerability scanners, namely, Nessus, Fsecure Radar, Greenbone, Qualys, and Nexpose have been considered. The inputs of industry specialists i.e., people who deal in software security and vulnerability management process have been taken for the ranking process. Using the proposed methodology, a hierarchical classification of the various vulnerability scanners could be achieved. The clear enumeration of the steps allows for easy adaptability of the model to varied situations. This study will help product developers become aware of the needs of the market and design better scanners. And from the user's point of view, it will help the system administrators in deciding which scanner to deploy depending on the company's needs and preferences. The current work is the first to use a Multi Criterion Group Decision Making technique in vulnerability scanner selection.

---

Keywords

---