2016 International Conference on Big Data and Smart Computing (BigComp) (2016)
Hong Kong, China
Jan. 18, 2016 to Jan. 20, 2016
Joonseok Yang , LG Electronics Inc., 298, Beotkkot-ro, Geumcheon-gu, Seoul, 08510, Republic of Korea
Duksan Ryu , School of Computing, Korea Advanced Institute of Science and Technology, 291 Daehak-ro (373-1 Guseong-dong), Yuseong-gu, Daejeon 305-701, Republic of Korea
Jongmoon Baik , School of Computing, Korea Advanced Institute of Science and Technology, 291 Daehak-ro (373-1 Guseong-dong), Yuseong-gu, Daejeon 305-701, Republic of Korea
As the need of software has been increasing, the danger of malicious attacks against software has been worse. In order to fortify software systems against adversaries, researchers have devoted significant efforts on mitigating software vulnerabilities. To eliminate security vulnerabilities from software with lower inspection effort, vulnerability prediction approaches have been emerged. By allocating human and time resource on the potentially vulnerable subset, development organization could eliminate vulnerabilities in a cost effective manner. In the vulnerability prediction approaches, a vulnerability prediction model is constructed based on various software attributes. However, vulnerability prediction models based on the traditional software attributes have provided poor prediction accuracy or low cost effectiveness since the traditional software attributes are unable to reflect vulnerability characteristics sufficiently. In this paper, we propose a novel vulnerability prediction approach based on the CERT-C Secure Coding Standard. To evaluate the efficacy of the proposed approach, the prediction results of the suggested prediction models and other traditional models were assessed in terms of prediction accuracy and cost effectiveness. The results show that the proposed method can improve the vulnerability prediction accuracy.
Software, Predictive models, Security, Encoding, Biological cells, Standards organizations
Joonseok Yang, Duksan Ryu and Jongmoon Baik, "Improving vulnerability prediction accuracy with Secure Coding Standard violation measures," 2016 International Conference on Big Data and Smart Computing (BigComp)(BIGCOMP), Hong Kong, China, 2016, pp. 115-122.