Software Vulnerability Patch Management with Semi-Markov Decision Process

Information security incidents frequency has been increasing dramatically, the aim of this study is to analyze the state-space reachability problems through the transition of vulnerable status after the informative system vulnerability exposure. In this research we took into consideration the time factor to analyze the arrival time to reachable states problem discussed in stochastic Petri nets. The mean arrival time and variance of the process between starting from an initial state and arriving at reachable states. We will therefore elaborate a novel model based on the semi-Markov stochastic Petri nets model for analyzing the period between the exposure of the vulnerability and the completion of its patch. We use the semi-Markov process to analyze the state-space reachability problems of the stochastic Petri nets, resulting in a novel model for software vulnerability patch management. Moreover, we include also the concept of discounted multi-objective semi-Markov decision process to obtain the total of the efficient extreme point set.