A large scale exploratory analysis of software vulnerability life cycles

Shahzad,; Shafiq,; Liu, Ming

doi:10.1109/icse.2012.6227141

Cited by 138 publications

(104 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Parsers are crawlers or scrapers designed to crawl the web and extract specific information about vulnerabilities, patches and exploits from the selected data sources. Currently we have parsers for six different vulnerability data sources (National Vulnerability Database data source 3 , Security database data source 4 , CVE data source 5 , CVE Details data source 6 , Security , Cisco 12 etc.,) and exploits from Exploit database 13 (illustrated by the left-most column in Figure 2). Due to the modular structure of the data collation framework, more parsers for other security data sources can easily be added.…”

Section: A Backendmentioning

confidence: 99%

vepRisk - A Web Based Analysis Tool for Public Security Data

Andongabo

Gashi

2017

2017 13th European Dependable Computing Conference (EDCC)

View full text Add to dashboard Cite

Abstract-We present vepRisk (Vulnerabilities, Exploits and Patches Risk analysis tool): a web-based tool for analyzing publically available security data. The tool has a backend modules that mine, extract, parse and store data from public repositories of vulnerabilities, exploits and patches; and a frontend web-based application that provides functionality for analyzing the data. The frontend uses shinyR, hence allowing integration with the R statistical analysis package and seamless use of R functions. We also present initial analysis we have done with the tool, and outline the extensions and future development we plan to integrate into the tool in the near future.

show abstract

Section: A Backendmentioning

confidence: 99%

vepRisk - A Web Based Analysis Tool for Public Security Data

Andongabo

Gashi

2017

2017 13th European Dependable Computing Conference (EDCC)

View full text Add to dashboard Cite

show abstract

“…It specifies the effort on estimating the effort required for developing new exploits. Mc Queen, Boyer and M.Chaffin in [4] specifies an empirical study on the total number of zero day vulnerabilities available on a single day based on existing facts about vulnerabilities. Wang, Noel and Jajodia in [7] proposed a method that views vulnerability as a Boolean variable and derive a logic proposition…”

Section: Related Workmentioning

confidence: 99%

Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks

Rose¹

2015

IJRITCC

View full text Add to dashboard Cite

Abstract-Computer networks have long become the backbone of Enterprise Information System. The substantial share of the security problems are still encountered in Enterprise Network. Cyber espionage can effect Ethical, Military, Political and Economic interest an ywhere. To provide secure computer networks, it is necessary to measure the relative effectiveness of security solution in the network. A network security metric enable a direct measurement and comparison of the amounts of security provided by different security solutions .In this paper we propose a novel security metric Zero Day Vulnerability Prevention Framework consists of bunches of algorithms. The above framework detects and prevents unknown vulnerabilities in Enterprise IP networks. It also protects the behavior of the sessions performed by the user from the huge range of attacks. It helps in monitoring database requests and prevents the attacks. The proposed framework also implements worm and virus detection to evaluate malware from the data. The system also presents scoring to the vulnerabilities and finally it performs security analysis with the help of Topological Vulnerability Analysis (TVA) tool.

show abstract

“…The range of variables belongs to [1], [2]. With frameworks proposed in this paper, the results of memory allocation vulnerability analysis in C programs are showed in Table 1.…”

Section: Examplesmentioning

confidence: 99%

“…Unfortunately, the instability of software always brings information security problems. A tiny vulnerability of software could lead to a great harm [1]. A memory allocation known as a design vulnerability refers to performing manual memory management in C programs for dynamic memory allocation in C programming language via a group of function in C standard library, namely malloc( ), realloc( ), calloc( ) and free( ).…”

Section: Introductionmentioning

confidence: 99%

Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods

Deng¹,

Liu²,

Guo³

et al. 2015

JSW

View full text Add to dashboard Cite

Abstract:The information security problems caused by the software vulnerabilities have became more and more complex. Among these vulnerabilities, the ones existing in memory allocations appear to be difficult to diagnose due to the absence of an appropriate method. In order to solve this problem, we introduce a methodology including four novel frameworks in this paper. The formalization for a program called algebraic transition system is proposed first. It aims to transform the data exchange process and its security attribute of a program into algebraic systems which are able to be considered as objection functions and constraint conditions, respectively. Based on the systems, the behavior and structure of formalization are optimized with bisimulation to reduce the computing cost in the subsequent processes. The determination of bisimulation is implemented by numerical and symbolic computation. Finally, the specific detection of the memory allocation vulnerability in the C program can be changed into a constraints solving problem called Max function which is able to be resolved with the filled function method. The experiment results represent that our approach is feasible.

show abstract

A large scale exploratory analysis of software vulnerability life cycles

Cited by 138 publications

References 15 publications

vepRisk - A Web Based Analysis Tool for Public Security Data

vepRisk - A Web Based Analysis Tool for Public Security Data

Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks

Memory Allocation Vulnerability Analysis and Analysis Optimization for C Programs Based on Formal Methods

Contact Info

Product

Resources

About