  • DocumentCode
    555385
  • Title
    Empirical results on the study of software vulnerabilities: NIER track
  • Author
    Wu, Yan ; Siy, Harvey ; Gandhi, Robin
  • Author_Institution
    Coll. of Inf. Sci. & Technol., Univ. of Nebraska at Omaha, Omaha, NE, USA
  • fYear
    2011
  • fDate
    21-28 May 2011
  • Firstpage
    964
  • Lastpage
    967
  • Abstract
    While the software development community has put a significant effort to capture the artifacts related to a discovered vulnerability in organized repositories, much of this information is not amenable to meaningful analysis and requires a deep and manual inspection. In the software assurance community a body of knowledge that provides an enumeration of common weaknesses has been developed, but it is not readily usable for the study of vulnerabilities in specific projects and user environments. We propose organizing the information in project repositories around semantic templates. In this paper, we present preliminary results of an experiment conducted to evaluate the effectiveness of using semantic templates as an aid to studying software vulnerabilities.
  • Keywords
    software engineering; NIER track; manual inspection; semantic templates; software assurance; software development; software vulnerabilities; Accuracy; Buffer overflow; Programming; Security; Semantics; Software; Taxonomy; buffer overflow; experiment; repository; software vulnerability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Engineering (ICSE), 2011 33rd International Conference on
  • Conference_Location
    Honolulu, HI
  • ISSN
    0270-5257
  • Print_ISBN
    978-1-4503-0445-0
  • Electronic_ISBN
    0270-5257
  • Type
    conf
  • DOI
    10.1145/1985793.1985960
  • Filename
    6032563