Name
Abstract | ||
|---|---|---|
Software vendors are increasingly concerned about mitigating the security risk of their software. Code quality improvement is a traditional approach to mitigate security risk; measuring and reducing the attack surface of software is a complementary approach. In this paper, we apply a method for measuring attack surfaces to enterprise software written in Java . We implement a tool as an Eclipse plugin to measure an SAP software system's attack surface in an automated manner. We demonstrate the feasibility of our approach by measuring the attack surfaces of three versions of an SAP software system. We envision our measurement method and tool to be useful to software developers for improving software security and quality. |
Year | DOI | Venue |
|---|---|---|
2009 | 10.1007/978-3-642-00199-4_8 | ESSoS |
Keywords | Field | DocType |
traditional approach,complementary approach,software security,software vendor,code quality improvement,security risk,attack surface,enterprise software,sap software system,attack surfaces,software developer | Attack surface,Software engineering,Software security assurance,Computer science,Backporting,Software verification and validation,Software quality,Software construction,Software development,Software sizing,Database | Conference |
Volume | ISSN | Citations |
5429 | 0302-9743 | 7 |
PageRank | References | Authors |
0.74 | 2 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Pratyusa K. Manadhata | 1 | 214 | 11.66 |
| Yuecel Karabulut | 2 | 10 | 1.89 |
| Jeannette M. Wing | 3 | 6429 | 874.60 |