Title
Using semantic templates to study vulnerabilities recorded in large software repositories.
Abstract
Software repositories are rich sources of information about vulnerabilities that occur during a product's lifecycle. Although available, such information is scattered across numerous databases. Furthermore, in large software repositories, a single vulnerability may span across multiple components and have multidimensional interactions with other vulnerabilities. Thus, identifying the patterns of vulnerability occurrence in a larger context of software development continues to be an open problem. Here we present findings from our study of vulnerable software components using an ontology-guided analysis of vulnerabilities recorded in a software project's code repository. In this approach, a semantic template for each type of vulnerability is created from information in the Common Weakness Enumeration dictionary. Next, known vulnerabilities and related concepts in the repository are tagged with concepts from the template. Based on the characteristics of the resources affected by these vulnerabilities, other similar resources in the software can be identified for closer inspection and verification. We present results from our study of vulnerabilities in the Apache web server.
Year
2010
Venue
Using semantic templates to study vulnerabilities recorded in large software repositories
Keywords
present finding, cwe, software project, fix patterns, cve, current software, apache web server project, large software project, user environment, software repository, ontology, present result, code repository, software development, vulnerability occurrence, new vulnerability, buffer overflow, vulnerability, vulnerable software component, large software repository, software development community, software assurance community, single vulnerability, semantic template, semantics, computer security
Field
Static program analysis, World Wide Web, Software security assurance, Package development process, Computer science, Software system, Backporting, Software construction, Software framework, Software development
DocType
Conference
Citations
11
PageRank
1.07
References
7
Authors
3
Author list (Name, Order, Citations/PageRank)
Yan Wu, 1, 143.28
Robin A. Gandhi, 2, 12911.56
Harvey Siy, 3, 58144.51