Prioritizing vulnerability patches in large networks