Abstract:
As vulnerability assessment becomes a key component for any software’s lifecycle, a great importance should substantiate on the methods used in the audit process and on the findings management front. Large-scale technological infrastructures, such as telecommunication networks require particular focus due to their sheer complexity and the criticality aspect of the services they provide. While existing models for vulnerability management can be efficient in fast-paced IT&C environments, there is a need for a predictive model for vulnerability management, including impact and probability of exploitation assessment for complex infrastructures where slow-paced changes in the IT&C environment creates opportunities for adversaries and affects the resilience of telecommunication operators.