Typestate: A programming language concept for enhancing software reliability
IEEE Transactions on Software Engineering
Software metrics (2nd ed.): a rigorous and practical approach
Software metrics (2nd ed.): a rigorous and practical approach
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking
ACM Transactions on Information and System Security (TISSEC)
Letters to the editor: go to statement considered harmful
Communications of the ACM
An axiomatic basis for computer programming
Communications of the ACM
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Proceedings of the 11th USENIX Security Symposium
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Precise and efficient static array bound checking for large embedded C programs
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Software Measurement and Estimation: A Practical Approach (Quantitative Software Engineering Series)
Software Measurement and Estimation: A Practical Approach (Quantitative Software Engineering Series)
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
Secure programming with static analysis
Secure programming with static analysis
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
F-SOFT: software verification platform
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Hi-index | 0.00 |
Implementation-level vulnerabilities are a persistent threat to the security of computing systems. We propose using the results of partially-successful verification attempts to place a numerical upper bound on the insecurity of systems, in order to motivate improvement.