Title :
Empirical results on the study of software vulnerabilities: NIER track
Author :
Wu, Yan ; Siy, Harvey ; Gandhi, Robin
Author_Institution :
Coll. of Inf. Sci. & Technol., Univ. of Nebraska at Omaha, Omaha, NE, USA
Abstract :
While the software development community has put a significant effort to capture the artifacts related to a discovered vulnerability in organized repositories, much of this information is not amenable to meaningful analysis and requires a deep and manual inspection. In the software assurance community a body of knowledge that provides an enumeration of common weaknesses has been developed, but it is not readily usable for the study of vulnerabilities in specific projects and user environments. We propose organizing the information in project repositories around semantic templates. In this paper, we present preliminary results of an experiment conducted to evaluate the effectiveness of using semantic templates as an aid to studying software vulnerabilities.
Keywords :
software engineering; NIER track; manual inspection; semantic templates; software assurance; software development; software vulnerabilities; Accuracy; Buffer overflow; Programming; Security; Semantics; Software; Taxonomy; buffer overflow; experiment; repository; software vulnerability;
Conference_Titel :
Software Engineering (ICSE), 2011 33rd International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4503-0445-0
Electronic_ISBN :
0270-5257
DOI :
10.1145/1985793.1985960
