Empirical results on the study of software vulnerabilities (NIER track)

Yan Wu, Harvey Siy, Robin Gandhi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

While the software development community has put significant effort into capturing the artifacts related to a discovered vulnerability in organized repositories, much of this information is not amenable to meaningful analysis and requires a deep and manual inspection. In the software assurance community, a body of knowledge that provides an enumeration of common weaknesses has been developed, but it is not readily usable for the study of vulnerabilities in specific projects and user environments. We propose organizing the information in project repositories around semantic templates. In this paper, we present preliminary results of an experiment conducted to evaluate the effectiveness of using semantic templates as an aid to studying software vulnerabilities.

Original language: English (US)
Title of host publication: ICSE 2011 - 33rd International Conference on Software Engineering, Proceedings of the Conference
Pages: 964-967
Number of pages: 4
Publication status: Published - Jul 7 2011
Event: 33rd International Conference on Software Engineering, ICSE 2011 - Waikiki, Honolulu, HI, United States
Duration: May 21 2011 → May 28 2011

Publication series

Name: Proceedings - International Conference on Software Engineering
ISSN (Print): 0270-5257

Conference

Conference: 33rd International Conference on Software Engineering, ICSE 2011
Country: United States
City: Waikiki, Honolulu, HI
Period: 5/21/11 → 5/28/11

Keywords

  • buffer overflow
  • experiment
  • repository
  • software vulnerability

ASJC Scopus subject areas

  • Software

Cite this

Wu, Y., Siy, H., & Gandhi, R. (2011). Empirical results on the study of software vulnerabilities (NIER track). In ICSE 2011 - 33rd International Conference on Software Engineering, Proceedings of the Conference (pp. 964-967). (Proceedings - International Conference on Software Engineering). https://doi.org/10.1145/1985793.1985960