Abstract
No abstract available.
Cited By
- Yitagesu S, Xing Z, Zhang X, Feng Z, Li X and Han L (2023). Extraction of Phrase-based Concepts in Vulnerability Descriptions through Unsupervised Labeling, ACM Transactions on Software Engineering and Methodology, 32:5, (1-45), Online publication date: 30-Sep-2023.
- Abid C, Alizadeh V, Kessentini M, Dhaouadi M and Kazman R (2021). Prioritizing refactorings for security-critical code, Automated Software Engineering, 28:2, Online publication date: 1-Nov-2021.
- Li X, Chang X, Board J and Trivedi K A novel approach for software vulnerability classification 2017 Annual Reliability and Maintainability Symposium (RAMS), (1-7)
- Moshtari S and Sami A Evaluating and comparing complexity, coupling and a new proposed set of coupling metrics in cross-project vulnerability prediction Proceedings of the 31st Annual ACM Symposium on Applied Computing, (1415-1421)
- Munaiah N and Meneely A Vulnerability severity scoring and bounties: why the disconnect? Proceedings of the 2nd International Workshop on Software Analytics, (8-14)
- Camilo F, Meneely A and Nagappan M Do bugs foreshadow vulnerabilities? Proceedings of the 12th Working Conference on Mining Software Repositories, (269-279)
- Meneely A, Tejeda A, Spates B, Trudeau S, Neuberger D, Whitlock K, Ketant C and Davis K An empirical investigation of socio-technical code review metrics and security vulnerabilities Proceedings of the 6th International Workshop on Social Software Engineering, (37-44)
- Hunny U, Zulkernine M and Weldemariam K OSDC Proceedings of the 28th Annual ACM Symposium on Applied Computing, (1131-1136)
- Meneely A and Lucidi S Vulnerability of the day: concrete demonstrations for software engineering undergraduates Proceedings of the 2013 International Conference on Software Engineering, (1154-1157)
- Nguyen V and Massacci F An idea of an independent validation of vulnerability discovery models Proceedings of the 4th international conference on Engineering Secure Software and Systems, (89-96)
- Khan M and Zulkernine M Building components with embedded security monitors Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS, (133-142)
- Wang J and Guo M Vulnerability categorization using Bayesian networks Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, (1-4)
- Hansen J and Hansen N A taxonomy of vulnerabilities in implantable medical devices Proceedings of the second annual workshop on Security and privacy in medical and home-care systems, (13-20)
- Park C, Lee J, Seo S and Kim B Assuring software security against buffer overflow attacks in embedded software development life cycle Proceedings of the 12th international conference on Advanced communication technology, (787-790)
- Penta M, Cerulo L and Aversano L (2009). The life and death of statically detected vulnerabilities, Information and Software Technology, 51:10, (1469-1484), Online publication date: 1-Oct-2009.
- Jin S, Wang Y, Cui X and Yun X A review of classification methods for network vulnerability Proceedings of the 2009 IEEE international conference on Systems, Man and Cybernetics, (1171-1175)
- Gegick M, Williams L, Osborne J and Vouk M Prioritizing software security fortification through code-level metrics Proceedings of the 4th ACM workshop on Quality of protection, (31-38)
- Shin Y and Williams L Is complexity really the enemy of software security? Proceedings of the 4th ACM workshop on Quality of protection, (47-50)
- Ozment A Improving vulnerability discovery models Proceedings of the 2007 ACM workshop on Quality of protection, (6-11)
- Cox D, Al-Nashif Y and Hariri S Application of autonomic agents for global information grid management and security Proceedings of the 2007 Summer Computer Simulation Conference, (1147-1154)
- Debbabi M, Saleh M, Talhi C and Zhioua S Common Criteria Approach to J2ME CLDC Security Requirements Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06, (177-194)
- Gegick M and Williams L (2005). Matching attack patterns to security vulnerabilities in software-intensive system designs, ACM SIGSOFT Software Engineering Notes, 30:4, (1-7), Online publication date: 1-Jul-2005.
- Gegick M and Williams L Matching attack patterns to security vulnerabilities in software-intensive system designs Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications, (1-7)
- Baiardi F and Telmon C A theoretical model for the average impact of attacks on billing infrastructures Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security, (298-310)
- Serdiouk V Behavior-based model of detection and prevention of intrusions in computer networks Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security, (380-393)
- Seo S, You J, Kim Y, Choi J, Lee S and Kim B Building security requirements using state transition diagram at security threat location Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II, (451-456)
- Zbib R, Anjum F, Ghosh A and Umar A (2004). Intrusion Tolerance in Distributed Middleware, Information Systems Frontiers, 6:1, (67-75), Online publication date: 1-Mar-2004.
- Krsul I Software development in antagonistic and dynamic operational environments Proceedings of the 3rd Symposium on Requirements Engineering for Information Security, (1-14)
- Jonsson E, Strömberg L and Lindskog S On the functional relation between security and dependability impairments Proceedings of the 1999 workshop on New security paradigms, (104-111)
Recommendations
Analysis of software vulnerability
ISP'06: Proceedings of the 5th WSEAS International Conference on Information Security and Privacy
Software vulnerability is the fault that can be viciously used to harm security of software system. In order to decrease the harm, vulnerability analysis can be used to find security problems of software system as early as possible, and related measures,...
Modeling Software Vulnerabilities With Vulnerability Cause Graphs
ICSM '06: Proceedings of the 22nd IEEE International Conference on Software Maintenance
When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how ...