A case for protocol dependency

Vulnerabilities infest information technology. There is a lack of tools in risk assessment for understanding the impact that the disclosed vulnerabilities have on the critical information infrastructures. To address this need, this work derives a new dimension of dependency from practical vulnerability work, namely that of protocol dependency. Classic technology dependency views were reviewed, a chain of systematic vulnerability disclosures was followed as a case study and analysis revealed evidence of protocol dependency. Extrapolating from the experiences of a complex case, this new dependency dimension can be modelled. The model will benefit from going beyond a narrow technical view.