Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICSM
2003
IEEE
2003
IEEE
Characterizing the 'Security Vulnerability Likelihood' of Software Functions
Software maintainers and auditors would benefit from a tool to help them focus their attention on functions that are likely to be the source of security vulnerabilities. However, the existence of such a tool is predicated on the ability to characterize a function’s ‘security vulnerability likelihood.’ Our hypothesis is that functions near a source of input are most likely to contain a security vulnerability. These functions should be a small percentage of the total number of functions in the system. To validate this hypothesis, we performed an experiment involving thirty one vulnerabilities in open source software. This paper describes the experiment, its outcome, and the tools used to conduct it. It also describes the FLF Finder, which is a tool that was developed using knowledge gathered from the outcome of the experiment. This tool automates the detection of high risk functions. To demonstrate the effectiveness of the FLF Finder, three open source applications with known vul...
Real-time TrafficRelated Content
| Added | 04 Jul 2010 |
| Updated | 04 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | ICSM |
| Authors | Dan DaCosta, Christopher Dahn, Spiros Mancoridis, Vassilis Prevelakis |
Comments (0)
Researcher Info
|
