ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Applying Software Reliability Models on Security Incidents
ISSRE '07 Proceedings of the 18th IEEE International Symposium on Software Reliability
Toward Non-security Failures as a Predictor of Security Faults and Failures
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Predicting vulnerable software components with dependency graphs
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Limited resources preclude software engineers from finding and fixing all security vulnerabilities in a software system. A predictive model that identifies which components are attack-prone can prioritize fortification efforts where they are needed most. We have analyzed two large commercial telecommunications systems that have been deployed to the field. We found strong correlations (as high as 0.82) between non-security failures and security failures, and that the most failure-prone components are also likely to be attack-prone. Additionally, non-security failures were found to be a good metric for estimating the count of security failures for a given software