Wheeler et al., 2015 - Google Patents
Open source software projects needing security investmentsWheeler et al., 2015
View PDF- Document ID
- 1627030565457621924
- Author
- Wheeler D
- Khakimov S
- Publication year
External Links
Snippet
Some open source software OSS is widely used and depended on, and yet not received the level of security analysis appropriate to its importance. This paper describes our work to help identify OSS projects that may especially need investment for security by identifying and …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
- G06Q10/063—Operations research or analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation, e.g. computer aided management of electronic mail or groupware; Time management, e.g. calendars, reminders, meetings or time accounting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce, e.g. shopping or e-commerce
- G06Q30/01—Customer relationship, e.g. warranty
- G06Q30/018—Business or product certification or verification
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Jimenez et al. | The importance of accounting for real-world labelling when predicting software vulnerabilities | |
| Prana et al. | Out of sight, out of mind? How vulnerable dependencies affect open-source projects | |
| Hou et al. | A systematic literature review on trust in the software ecosystem | |
| US9286063B2 (en) | Methods and systems for providing feedback and suggested programming methods | |
| Tamberg et al. | Harnessing large language models for software vulnerability detection: A comprehensive benchmarking study | |
| Soud et al. | A fly in the ointment: an empirical study on the characteristics of Ethereum smart contract code weaknesses | |
| Elder et al. | A survey on software vulnerability exploitability assessment | |
| Hasan et al. | Model Context Protocol (MCP) at First Glance: Studying the Security and Maintainability of MCP Servers | |
| May et al. | Vulnerably (mis) configured? Exploring 10 years of developers' Q&As on Stack Overflow | |
| Wheeler et al. | Open source software projects needing security investments | |
| Friman | Agile and DevSecOps oriented vulnerability detection and mitigation on public cloud | |
| Muegge et al. | Time to discover and fix software vulnerabilities in open source software projects: Notes on measurement and data availability | |
| Heilmann | Application Security Review Criteria for DevSecOps Processes | |
| Ufuktepe et al. | Estimating software robustness in relation to input validation vulnerabilities using Bayesian networks | |
| Adhikari | EVALUATING SECURITY TOOLS IN THE CONTEXT OF DEVSECOPS | |
| Temelko et al. | Systematic literature review of the trust reinforcement mechanisms exist in package ecosystems | |
| Pashchenko | Decision support of security assessment of software vulnerabilities in industrial practice | |
| AJVAZI et al. | Security Standards for Web Applications | |
| Faura et al. | A user-centric evaluation of smart contract analysis tools in decentralised finance (defi) | |
| Jimenez et al. | An empirical study on vulnerability prediction of open-source software releases | |
| Alqahtani | Enhancing Trust–A Unified Meta-Model for Software Security Vulnerability Analysis | |
| Orazi et al. | Enhancing and integration of security testing in the development of a microservices environment | |
| Kumar et al. | Vulnerability Management of Open-Source Libraries | |
| Hastings | Combating Source Poisoning and Next-Generation Software Supply Chain Attacks Using Education, Tools, and Techniques | |
| Sultana et al. | Using software metrics for predicting vulnerable classes in java and python based systems |