ICST
2009
IEEE

Predicting Attack-prone Components

GEGICK, MICHAEL CHARLES. Predicting Attack-prone Components with Source Code Static Analyzers. (Under the direction of Laurie Williams). No single vulnerability detection technique can identify all vulnerabilities in a software system. However, the vulnerabilities that are identified from a detection technique may be predictive of the residuals. We focus on creating and evaluating statistical models that predict the components that contain the highest-risk residual vulnerabilities. The cost to find and fix faults grows with time in the software life cycle (SLC). A challenge with our statistical models is to make the predictions available early in the SLC to afford for cost-effective fortifications. Source code static analyzers (SCSA) are available during the coding phase and are also capable of detecting code-level vulnerabilities. We use the code-level vulnerabilities identified by these tools to predict the presence of additional coding vulnerabilities and vulnerabilities associated wit...
Michael Gegick, Pete Rotella, Laurie A. Williams
Added 24 May 2010
Updated 24 May 2010
Type: Conference
Year: 2009
Where: ICST
Authors: Michael Gegick, Pete Rotella, Laurie A. Williams