A Maturity Model for the Assessment of Zero-Day Security Attacks

Security is an essential attribute of quality software. Detecting and mitigating different attacks is essential to having high-quality software. One such security vulnerabilit...ty is a zero-day attack. A zero-day attack describes the threat of an unknown security vulnerability in software that either the application developers are unaware of, or no security patch has been released. Zero-day attacks are complex to analyze due to the lack of data until such attacks’ discovery. Despite the significance of zero-day attacks, little empirical research has been conducted to understand such attacks better. Currently, no model exists to assess the maturity of managing zero-day attacks in an organization. This study aims to build a zero-day attack maturity model to enable organizations to evaluate their maturity levels to handle such attacks. We plan to use a mixed-method approach comprising well-established empirical methodologies to identify challenges and respective best practices to handle zero-day attacks. Moreover, the Fuzzy Analytic Hierarchy Process (F-AHP) will be used to prioritize the identified challenges. The study's findings are expected to increase the awareness of such attacks and their challenges and be a baseline for further research in this area supporting industries and developers.