Death, taxes, and imperfect software: surviving the inevitable
Proceedings of the 1998 workshop on New security paradigms
Building secure software: how to avoid security problems the right way
The Cathedral and the Bazaar
An analysis of penetration vulnerabilities in system software
We present our experience in developing an open source tool for the measurement of security flaws. Since security flaws result from the unauthorized flow of information, our tool shows how these flaws can be measured and compared based on the amount of information that flows, how "far" it flows, and the value of the information. Flaws can then be compared and careful security testers can maximize the amount of security for a limited set of resources. The development of a tool to partially automate this process will prove to be an asset to the open source community in that the "many eyes" can be directed and these resources prioritized in order to patch flaws in the most efficient manner and minimize downtime and risk.