Software Security; A Vulnerability Activity Revisit

Hadavi, Mohammad Ali; Sangchi, H. M.; Hamishagi, V.S.; Shirazi, Hossein

doi:10.1109/ares.2008.200

Cited by 16 publications

(6 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Goal/Question/Metric (GQM) approach is one of the best known approaches to develop security metrics and to assess the security risks in the stages of software development process [9] [10]. …”

Section: Security Metricsmentioning

confidence: 99%

See 1 more Smart Citation

Significance of Security Metrics in Secure Software Development

Siddiqui¹

2017

IJAIS

View full text Add to dashboard Cite

show abstract

Section: Security Metricsmentioning

confidence: 99%

“…A number of security metrics have been specified and described in detail that portrays the security related issues in the development stages of the software also given in table 2 [9] [10].…”

Section: Security Metrics In Software Development Processmentioning

confidence: 99%

Significance of Security Metrics in Secure Software Development

Siddiqui¹

2017

IJAIS

View full text Add to dashboard Cite

show abstract

“…The use of prior development knowledge -such as, knowledge contained in defect data-can help the adoption of secure development process [14,11,16]. More specifically, defect data can be accumulated and analyzed systematically to reveal a concise view of the development process signature and software profile.…”

Section: Introductionmentioning

confidence: 99%

Osdc

Hunny

Zulkernine

Weldemariam

2013

Proceedings of the 28th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Software defect data provide an invaluable source of information for developers, testers and so forth. A concise view of a software profile, its development process, and their relationships can be systematically extracted and analyzed to deduce adequate corrective measures based on previously discovered weaknesses. This kind of approach is being widely used in various projects to improve the quality of a software system. This paper builds on top of the orthogonal defect classification (ODC) scheme to provide a structured security-specific defect classification. We perform a detailed analysis on the classified data and obtain in-process feedback so that the next version of the software can be more secure and reliable. We experimented our customized methodology on Firefox and Chrome defect repositories using six consecutive versions and milestones, respectively. We found that in-process feedback can help development team to take corrective actions as early as possible. We also studied the correlations between software defect types and software development lifecycle to understand development improvement.

show abstract

“…Además, otro trabajo (Shi et al, 2010) realizó la evaluación de diferentes herramientas de seguridad, a la vez que se compararon las habilidades de las mismas. Por otro lado, otros trabajos (Hadavi et al, 2008;Qualys, 2009;Mell et al, 2007;Huan et al, 2010;Yunhua y Pei, 2010;Harada et al, 2010;Jensen et al, 2008;Wren et al, 2010;Al-Fedaghi, 2010;Kuhn y Johnson, 2010;García y Vázquez, 2005) buscan aportar al avance de la investigación relacionada con las vulnerabilidades en seguridad informática.…”

Section: Introductionunclassified

Metodología para la Detección de Vulnerabilidades en Redes de Datos

2012

View full text Add to dashboard Cite

ResumenEl objetivo principal de este trabajo fue diseñar una metodología para la detección de vulnerabilidades en redes de datos. Para esto se desarrollaron diferentes fases llamadas reconocimiento, escaneo de puertos y enumeración de servicios, y escaneo de vulnerabilidades, cada una de las cuales es soportada por herramientas de software. Los resultados de cada fase suministran datos necesarios para la ejecución de las siguientes etapas. Con el fin de validar la utilidad de la metodología propuesta se llevó a cabo su implementación en la red de datos de la Universidad de Cartagena en Colombia, encontrando diferentes tipos de vulnerabilidades. Finalmente apoyándose en los resultados obtenidos, se encontró que la metodología propuesta es de gran utilidad para detectar vulnerabilidades en redes de datos, lo que demuestra su importancia para el área de la seguridad informática. Palabras clave: detección de vulnerabilidades, enumeración de servicios, escaneo de puertos, seguridad informática Methodology for Detecting Vulnerabilities in Data Networks AbstractThe main objective of this study was to design a methodology for the detection of vulnerabilities in data networks. This involved the development of different phases, called recognition, port scanning and service enumeration, and vulnerability scanning, each of which is supported by software tools. The results of each phase supplied the necessary data for implementing the following stages. To validate the usefulness of the proposed methodology this was implemented in the data network of the University of Cartagena in Colombia, finding different types of vulnerabilities. Finally, based on the results, it was found that the proposed methodology is useful for detecting vulnerabilities in data networks, demonstrating their importance to the area of computer security.

show abstract

Software Security; A Vulnerability Activity Revisit

Cited by 16 publications

References 19 publications

Significance of Security Metrics in Secure Software Development

Significance of Security Metrics in Secure Software Development

Osdc

Metodología para la Detección de Vulnerabilidades en Redes de Datos

Contact Info

Product

Resources

About