Title | ||
---|---|---|
Improving vulnerability detection measurement: [test suites and software security assurance]. |
Abstract | ||
---|---|---|
The Software Assurance Metrics and Tool Evaluation (SAMATE) project at the National Institute of Standards and Technology (NIST) has created the Software Assurance Reference Dataset (SARD) to provide researchers and software security assurance tool developers with a set of known security flaws. As part of an empirical evaluation of a runtime monitoring framework, two test suites were executed and monitored, revealing deficiencies which led to a collaboration with the NIST SAMATE team to provide replacements. Test Suites 45 and 46 are analyzed, discussed, and updated to improve accuracy, consistency, preciseness, and automation. Empirical results show metrics such as recall, precision, and F-Measure are all impacted by invalid base assumptions regarding the test suites. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1145/2915970.2915994 | EASE |
Keywords | Field | DocType |
---|---|---|
Static Analysis, Dynamic Analysis, Weakness, Vulnerability, Security Metrics, Test Suites | Software engineering, Computer science, Software security assurance, Static analysis, Automation, NIST, Measurement test, Software assurance, Reliability engineering, Vulnerability, Vulnerability detection | Conference |
Citations | PageRank | References |
---|---|---|
1 | 0.35 | 8 |
Authors | ||
---|---|---|
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Alexander M. Hoole | 1 | 10 | 1.99 |
Issa Traore | 2 | 306 | 32.31 |
Aurelien Delaitre | 3 | 25 | 5.33 |
Charles de Oliveira | 4 | 1 | 0.35 |