Towards a Unifying Approach in Understanding Security Problems

Authors: Prasanth Anbalagan, Mladen Vouk

DOI: 10.1109/ISSRE.2009.25

Abstract: To evaluate security in the context of software reliability engineering, it is necessary to analyse problems, actual exploits, and their relationship with an understanding operational behaviour system. That can be done terms effort involved through classic factors such as calendar inservice time, etc. Existing studies focus primarily on problems exploits. Less attention has been given study between We present analysis classification 43,710 vulnerabilities from Open Source National Vulnerability Database for two specific products - Bugzilla FEDORA. About 35% published have exploited. 34% are disclosed a result exploit only 1.3% exploited after being publicly disclosed. investigate unifying approach, understand component reliability. disclosure exploits respect time impact process correcting discuss our approach using collected data.
