Multifaceted Empirical Validation of AEGIS for Cybersecurity Vulnerability Prioritization

AEGIS is a Multi-Criteria Decision Analysis (MCDA) method that extends TOPSIS with three domain-specific modifications for cybersecurity vulnerability prioritization: Temporal Decay Boosting (TDB), Cascading Risk Propagation (CRP), and Adversarial Asymmetric Distance (AAD). A companion paper presents AEGIS's theoretical properties and an initial empirical evaluation on 1,000 CVEs from NVD with CISA KEV ground truth, indicating that CRP is the primary divergence driver and that AEGIS obtained the highest AUC-ROC (0.848) among the MCDA methods tested on that dataset. This paper presents four complementary validation studies—all within the same NVD/KEV/EPSS data ecosystem. First, a temporal prospective evaluation using a January 2023 cutoff indicates that AEGIS's advantage was observed when scoring future vulnerabilities using only historical context (AUC = 0.875 vs. 0.864 for TOPSIS). Second, an operational deployment simulation processes vulnerabilities in monthly batches across twelve months of 2023, revealing that CRP's advantage matures with deployment duration, with early detection of 8 CVEs at a median lead time of 170 days before KEV entry. Third, a cross-sample replication on three independent 1,000-CVE samples (Jaccard overlap = 3.3%) indicates that AEGIS ranked first among the MCDA methods tested in every sample (mean ΔAUC = +2.0 pp over TOPSIS). Fourth, a convergent validity analysis against an alternative ground truth—NVD "Exploit" reference tags—reveals that CRP's advantage is specific to active exploitation prediction and reverses sign for public exploit availability. An important caveat: all four studies operate within the same data ecosystem (NVD records, CISA KEV, FIRST EPSS, CPE-derived dependency graphs). The ablation identifies CRP as the sole empirically active mechanism: TDB and AAD produce no measurable effect across any of the four studies. All code and cached data are provided to support reproducibility.