The Community for Technology Leaders
2013 IEEE International Conference on Software Maintenance (2006)
Philadelphia, Pennsylvania
Sept. 24, 2006 to Sept. 27, 2006
ISSN: 1063-6773
ISBN: 0-7695-2354-4
pp: 411-422
David Byers , Linkopings universitet, SE-58183 Linkoping, Sweden
Nahid Shahmehri , Linkopings universitet, SE-58183 Linkoping, Sweden
Claudiu Duma , Linkopings universitet, SE-58183 Linkoping, Sweden
Shanai Ardi , Linkopings universitet, SE-58183 Linkoping, Sweden
ABSTRACT
<p>When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how they, and similar vulnerabilities, can be prevented in the future.</p> <p>In this paper we present a structured method for analyzing and documenting the causes of software vulnerabilities. Applied during software maintenance, the method generates the information needed for improving the software development process, to prevent similar vulnerabilities in future releases.</p> <p>Our approach is based on vulnerability cause graphs, a structured representation of causes of software vulnerabilities.</p>
INDEX TERMS
software security, vulnerability modeling
CITATION
David Byers, Nahid Shahmehri, Claudiu Duma, Shanai Ardi, "Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs", 2013 IEEE International Conference on Software Maintenance, vol. 00, no. , pp. 411-422, 2006, doi:10.1109/ICSM.2006.40
93 ms
(Ver )