Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ESSOS
2009
Springer
2009
Springer
Toward Non-security Failures as a Predictor of Security Faults and Failures
In the search for metrics that can predict the presence of vulnerabilities early in the software life cycle, there may be some benefit to choosing metrics from the non-security realm. We analyzed non-security and security failure data reported for the year 2007 of a Cisco software system. We used non-security failure reports as input variables into a classification and regression tree (CART) model to determine the probability that a component will have at least one vulnerability. Using CART, we ranked all of the system components in descending order of their probabilities and found that 57% of the vulnerable components were in the top nine percent of the total component ranking, but with a 48% false positive rate. The results indicate that nonsecurity failures can be used as one of the input variables for security-related prediction models.
Real-time TrafficESSOS 2009 | Input Variables | Non-security Failure Reports | Security Failure Data | Software Engineering |
| Added | 19 May 2010 |
| Updated | 19 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | ESSOS |
| Authors | Michael Gegick, Pete Rotella, Laurie Williams |
Comments (0)
Researcher Info
|
