Empirical results on the study of software vulnerabilities (NIER track)

Yan Wu, Harvey Siy, Robin Gandhi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

9 Citations (Scopus)

Abstract

While the software development community has put a significant effort to capture the artifacts related to a discovered vulnerability in organized repositories, much of this information is not amenable to meaningful analysis and requires a deep and manual inspection. In the software assurance community a body of knowledge that provides an enumeration of common weaknesses has been developed, but it is not readily usable for the study of vulnerabilities in specific projects and user environments. We propose organizing the information in project repositories around semantic templates. In this paper, we present preliminary results of an experiment conducted to evaluate the effectiveness of using semantic templates as an aid to studying software vulnerabilities.

Original language: English (US)
Title of host publication: ICSE 2011 - 33rd International Conference on Software Engineering, Proceedings of the Conference
Pages: 964-967
Number of pages: 4
DOIs: https://doi.org/10.1145/1985793.1985960
State: Published - Jul 7 2011
Event: 33rd International Conference on Software Engineering, ICSE 2011 - Waikiki, Honolulu, HI, United States
Duration: May 21 2011 to May 28 2011

Publication series

Name: Proceedings - International Conference on Software Engineering
ISSN (Print): 0270-5257

Conference

Conference: 33rd International Conference on Software Engineering, ICSE 2011
Country: United States
City: Waikiki, Honolulu, HI
Period: 5/21/11 to 5/28/11

Fingerprint

Semantics
Software engineering
Inspection
Experiments

Keywords

  • buffer overflow
  • experiment
  • repository
  • software vulnerability

ASJC Scopus subject areas

  • Software

Cite this

Wu, Y., Siy, H., & Gandhi, R. (2011). Empirical results on the study of software vulnerabilities (NIER track). In ICSE 2011 - 33rd International Conference on Software Engineering, Proceedings of the Conference (pp. 964-967). (Proceedings - International Conference on Software Engineering). https://doi.org/10.1145/1985793.1985960

@inproceedings{0377cfc738f644158cbf59d777375e12,
title = "Empirical results on the study of software vulnerabilities (NIER track)",
abstract = "While the software development community has put a significant effort to capture the artifacts related to a discovered vulnerability in organized repositories, much of this information is not amenable to meaningful analysis and requires a deep and manual inspection. In the software assurance community a body of knowledge that provides an enumeration of common weaknesses has been developed, but it is not readily usable for the study of vulnerabilities in specific projects and user environments. We propose organizing the information in project repositories around semantic templates. In this paper, we present preliminary results of an experiment conducted to evaluate the effectiveness of using semantic templates as an aid to studying software vulnerabilities.",
keywords = "buffer overflow, experiment, repository, software vulnerability",
author = "Yan Wu and Harvey Siy and Robin Gandhi",
year = "2011",
month = "7",
day = "7",
doi = "10.1145/1985793.1985960",
language = "English (US)",
isbn = "9781450304450",
series = "Proceedings - International Conference on Software Engineering",
pages = "964--967",
booktitle = "ICSE 2011 - 33rd International Conference on Software Engineering, Proceedings of the Conference",

}
