Faced with the severe financial and reputational consequences of data breaches, enterprises now treat security as a top concern for software analysis tools. While software engineers typically lack the expertise required to identify vulnerabilities in code, community knowledge in the form of publicly available vulnerability databases can come to their rescue. For example, the Common Vulnerabilities and Exposures (CVE) database records already reported weaknesses. However, these databases rarely provide usable examples: CVE entries usually contain no example code for a vulnerability, its exploit or its patch, but only link to reports or repositories that hold this information. Manually searching these sources for relevant information is time-consuming and error-prone. In this paper, we propose a vulnerability detection approach based on community knowledge and clone detection. The key idea is to harness the example source code of software weaknesses available in a large-scale vulnerability database and match it against code fragments using clone detection. We adapt a clone detection technique from the literature to make it applicable to vulnerability databases. In an evaluation based on 20 reports and the affected projects, our approach showed good precision and recall.
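As an added illustration of the matching step (this is not code from the paper, whose adapted clone detector is not shown on this page), the following Python script implements a minimal token-based clone detector of the kind used for this purpose: identifiers and literals are abstracted, the token stream is cut into n-grams, and a Jaccard similarity against a weakness example decides whether a fragment is reported. The weakness example, the candidate fragments, the identifier-abstraction rule, the n-gram size and the 0.4 threshold are all constructed assumptions.

```python
import re

# Constructed sample inputs (not taken from any real vulnerability database or project).
# Reference snippet standing in for the example code a weakness entry would point to:
# a fixed-size stack buffer filled by an unbounded strcpy.
VULN_EXAMPLE = """
void copy_name(char *src) {
    char name[32];
    strcpy(name, src);
    printf("%s\\n", name);
}
"""

# Code fragments of a hypothetical project under analysis (constructed).
CANDIDATES = {
    # Renamed clone: different identifiers and buffer size, same unbounded copy.
    "handler.c:store_user": """
int store_user(const char *input) {
    char user[64];
    strcpy(user, input);
    log_msg("%s\\n", user);
    return 0;
}
""",
    # Patched variant: bounded copy plus explicit termination; should score lower.
    "handler.c:store_user_fixed": """
int store_user(const char *input) {
    char user[64];
    strncpy(user, input, sizeof(user) - 1);
    user[sizeof(user) - 1] = '\\0';
    log_msg("%s\\n", user);
    return 0;
}
""",
    # Unrelated code; should score near zero.
    "math.c:mean": """
double mean(const double *xs, size_t n) {
    double acc = 0.0;
    for (size_t i = 0; i < n; i++) acc += xs[i];
    return n ? acc / n : 0.0;
}
""",
}

# Tokens kept verbatim; any other identifier is abstracted to "ID".
KEYWORDS = {"int", "char", "void", "double", "const", "static", "unsigned", "size_t",
            "return", "if", "for", "while", "sizeof"}
TOKEN_RE = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|\d+(?:\.\d+)?|[A-Za-z_]\w*|\S''')
IDENT_RE = re.compile(r"[A-Za-z_]\w*")


def normalize(code: str) -> list[str]:
    """Tokenize C-like code and abstract identifiers and literals (Type-2 clone
    normalization). Names of called functions are kept on purpose: the called API
    (strcpy vs. strncpy) is the signal that separates vulnerable code from its patch."""
    toks = TOKEN_RE.findall(code)
    out = []
    for i, tok in enumerate(toks):
        prev = toks[i - 1] if i > 0 else None
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if tok[0] in "\"'":
            out.append("LIT")
        elif tok[0].isdigit():
            out.append("NUM")
        elif tok in KEYWORDS:
            out.append(tok)
        elif IDENT_RE.fullmatch(tok):
            # Assumed heuristic: an identifier followed by "(" that is not preceded by a
            # type keyword or "*" is a call site, not a definition; keep the callee name.
            is_call = nxt == "(" and prev not in KEYWORDS and prev != "*"
            out.append(tok if is_call else "ID")
        else:
            out.append(tok)
    return out


def shingles(tokens: list[str], n: int = 3) -> set[tuple[str, ...]]:
    """Set of token n-grams; comparing sets tolerates small insertions and reorderings."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0


def scan_for_clones(example: str, candidates: dict[str, str], n: int = 3) -> dict[str, float]:
    """Similarity of every candidate fragment to the weakness example, keyed by name."""
    ref = shingles(normalize(example), n)
    return {name: jaccard(ref, shingles(normalize(code), n)) for name, code in candidates.items()}


def report(example: str, candidates: dict[str, str], threshold: float = 0.4) -> list[str]:
    """Fragments whose similarity reaches the assumed reporting threshold, best first."""
    scores = scan_for_clones(example, candidates)
    return [name for name, s in sorted(scores.items(), key=lambda kv: -kv[1]) if s >= threshold]


if __name__ == "__main__":
    for name, s in scan_for_clones(VULN_EXAMPLE, CANDIDATES).items():
        print(f"{s:.3f}  {name}")
    print("flagged:", report(VULN_EXAMPLE, CANDIDATES))
```

Run as a script it prints one similarity per fragment and the flagged list. The renamed clone scores well above the threshold, the patched variant drops clearly below it because the bounded-copy tokens (strncpy, sizeof, the terminator assignment) replace the shared trigrams, and the unrelated function shares almost nothing. In a real deployment the abstraction rules and the threshold need to be tuned per language against a labelled set, exactly the kind of precision/recall evaluation the abstract reports.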
Requirements elicitation is an essential activity for identifying the functional and non-functional requirements of a software system. In long-living software systems, identifying and updating requirements is particularly challenging, and the result is typically an incomplete set of requirements. The reasons lie in the continuous changes over the lifetime of the system and in the substantial part of the requirements that remains unspoken: users, and generally any stakeholder of a software system, might not be consciously aware of new or evolved needs or of the reasons behind them. As a result, they are unable to express and verbalise requirements that relate to this knowledge, which is called tacit knowledge. This chapter details the identification and externalisation of tacit knowledge during both the design time and the run time of a long-living and continuously evolving system. The overall goal is to detect deviations between explicitly elicited requirements and implicitly derived requirements. We discuss two cases in which the identification and externalisation of tacit knowledge is crucial for high-quality software systems. In the first case, tacit knowledge about security is identified and externalised by heuristics, as an example of non-functional requirements elicited at design time. Previously externalised knowledge is encoded in heuristics and filters for machine learning, which classify general requirements into more and less security-related ones. As a consequence, security experts can focus their time and effort on the more security-related requirements. Over the long lifetime of a long-living software system, externalising and reusing tacit security knowledge will be embedded in a cyclic learning process.
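As an added example of the kind of heuristic pre-filter the chapter describes (this is not the chapter's own heuristic or classifier, which the page does not reproduce), the following Python script encodes externalised security vocabulary as weighted word stems, scores each requirement, and routes those above a threshold to a security expert. The requirement sentences, the stem list, the weights and the threshold are all constructed assumptions; a trained classifier could replace the scoring function without changing the routing logic.

```python
import re

# Constructed requirement statements for a hypothetical clinical records system;
# none are taken from a real project.
REQUIREMENTS = [
    "The system shall authenticate users with a password before granting access to the patient record.",
    "Reports shall be exportable as PDF.",
    "All personal data shall be encrypted at rest and in transit.",
    "The user interface shall support a dark colour scheme.",
    "Every failed login attempt shall be logged with a timestamp.",
]

# Externalised security vocabulary as weighted stems (stems and weights are assumptions).
# Stems are prefix-matched at a word boundary, so "log" covers "login" and "logged",
# and "authenticat" covers "authenticate" and "authentication".
SECURITY_STEMS = {
    2: ["authenticat", "authoriz", "authoris", "encrypt", "password", "credential",
        "permission", "access control", "confidential", "integrity", "audit"],
    1: ["log", "access", "personal data", "privacy", "session", "timeout", "fail"],
}


def security_score(requirement: str) -> tuple[int, list[str]]:
    """Sum of the weights of the security stems present in the requirement, plus the
    stems that hit. Each stem counts once, so repeating a word does not inflate the score."""
    text = requirement.lower()
    total, hits = 0, []
    for weight, stems in SECURITY_STEMS.items():
        for stem in stems:
            if re.search(r"\b" + re.escape(stem), text):
                total += weight
                hits.append(stem)
    return total, hits


def rank_requirements(reqs: list[str], threshold: int = 2) -> list[tuple[str, int, bool, list[str]]]:
    """Order requirements by security relevance. The boolean marks items to route to a
    security expert (score >= assumed threshold); ties keep their input order."""
    scored = [(r, *security_score(r)) for r in reqs]
    scored.sort(key=lambda t: t[1], reverse=True)
    return [(r, s, s >= threshold, hits) for r, s, hits in scored]


if __name__ == "__main__":
    for r, s, expert, hits in rank_requirements(REQUIREMENTS):
        print(f"{s:2d} {'EXPERT' if expert else '      '} {r}  <- {hits}")
```

The logging requirement is the instructive case: it never mentions security, yet two weak signals (a failed login and an audit trail) push it over the threshold, which is the kind of tacit security relevance the heuristics are meant to surface for the expert. Misses and false positives found during expert review feed back into the stem list, which is the cyclic learning loop the abstract refers to.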