Torbit: Design of an open source security flaw measurement suite

  • Authors: Robert S. Fourney; Austin D. Hanson

  • Affiliations: (Correspd. Tel.: +1 605 688 4016/ Fax: +1 605 688 4401/ E-mail: Robert.Fourney@ieee.org) Department of Electrical Engineering and Computer Science, HH 215, Box 2220, South Dakota State University, ...; Department of Electrical Engineering and Computer Science, HH 215, Box 2220, South Dakota State University, Brookings, SD 57007, USA

  • Venue: Journal of Computational Methods in Sciences and Engineering
  • Year: 2009

Abstract

We present our experience in developing an open source tool for the measurement of security flaws. Since security flaws result from the unauthorized flow of information, our tool shows how these flaws can be measured and compared based on the amount of information that flows, how "far" it flows, and the value of the information. Flaws can then be compared and careful security testers can maximize the amount of security for a limited set of resources. The development of a tool to partially automate this process will prove to be an asset to the open source community in that the "many eyes" can be directed and these resources prioritized in order to patch flaws in the most efficient manner and minimize downtime and risk.