Automating Vulnerability Management in the Software Development Lifecycle

Cited by: 0
Authors
Franca, Horacio L. [1]
Teixeira, Cesar [1]
Laranjeiro, Nuno [1]
Affiliations
[1] Univ Coimbra, CISUC, DEI, Coimbra, Portugal
Keywords
issue report; vulnerabilities; security; software development; machine learning;
DOI
10.1109/DSN-S58398.2023.00051
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Managing the presence of vulnerabilities in software can be a time- and resource-consuming process. The advancements in machine learning (ML) over the past few years have allowed us to automate parts of the software development lifecycle, including the identification of vulnerabilities starting from bug reports. However, such approaches have known gaps generally related to subpar effectiveness. In this PhD, we intend to propose a vulnerability management framework aiming at four main objectives: i) highly effective vulnerability identification starting from bug reports; ii) detailed vulnerability classification; iii) prediction of main aspects related to the correction (e.g., defect triage); and iv) recommending corrections based on the detailed knowledge obtained in the previous phases.
Pages: 188-190
Number of pages: 3