A game theoretic approach to vulnerability patching