Abstract

A common problem organizations face is determining how to prioritize security updates and patches to minimize the risk of vulnerabilities in their infrastructure. Limited resources constrain organizations to select a set of only the most security critical updates that they can afford to perform; thus, it is very important to compute the risk of delaying less critical updates accurately.