Empirical results on the study of software vulnerabilities (NIER track)
Proceedings of the 33rd International Conference on Software Engineering
Software repositories are rich sources of information about the vulnerabilities that occur during a product's lifecycle. Although available, this information is scattered across numerous databases. Furthermore, in large software repositories a single vulnerability may span multiple components and have multidimensional interactions with other vulnerabilities. Identifying patterns of vulnerability occurrence in the larger context of software development therefore remains an open problem. Here we present findings from our study of vulnerable software components using an ontology-guided analysis of the vulnerabilities recorded in a software project's code repository. In this approach, a semantic template for each type of vulnerability is created from information in the Common Weakness Enumeration (CWE) dictionary. Next, known vulnerabilities and related concepts in the repository are tagged with concepts from the template. Based on the characteristics of the resources affected by these vulnerabilities, other similar resources in the software can then be identified for closer inspection and verification. We present results from our study of vulnerabilities in the Apache web server.
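The pipeline the abstract sketches (CWE-derived semantic template, tagging of repository records with template concepts, then using the characteristics of affected resources to nominate similar resources for inspection) can be made concrete in a few dozen lines. The following is an added illustration, not the authors' tooling or data: the concept categories and trigger terms under CWE-119 and CWE-79 are hand-built stand-ins for a real semantic template (the CWE identifiers are real, the term lists are assumptions), the file paths and commit texts are constructed in the style of a web server's history rather than taken from Apache, and Jaccard similarity over path-derived characteristics (module directory and file-name tokens) is the example's substitute for whatever resource characteristics the study actually used.

```python
"""Added illustration of ontology-guided tagging of repository records.

Not the authors' tooling. The templates below are hand-built stand-ins for
CWE-derived semantic templates: each concept category (fault, resource,
weakness, consequence) lists a few trigger terms. CWE-119 and CWE-79 are real
CWE entries; the term lists, file paths and commit texts are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed semantic templates: CWE -> concept category -> trigger terms (assumed).
TEMPLATES: dict[str, dict[str, set[str]]] = {
    "CWE-119": {  # memory buffer operations outside intended bounds
        "fault": {"off-by-one", "unchecked length", "missing bounds check"},
        "resource": {"buffer", "array", "header", "request line"},
        "weakness": {"buffer overflow", "out-of-bounds write", "out-of-bounds read"},
        "consequence": {"crash", "code execution", "denial of service"},
    },
    "CWE-79": {  # cross-site scripting
        "fault": {"unescaped output", "missing encoding"},
        "resource": {"error page", "directory listing", "query string"},
        "weakness": {"cross-site scripting", "xss", "script injection"},
        "consequence": {"session hijack", "script runs in the browser"},
    },
}


@dataclass
class Record:
    """One repository record: the resource (file) it touches and its free text."""
    path: str
    text: str
    tags: dict[str, set[str]] = field(default_factory=dict)  # CWE -> matched concepts


def tag_record(rec: Record) -> Record:
    """Tag a record with every template concept whose trigger terms appear in its text."""
    low = rec.text.lower()
    for cwe, template in TEMPLATES.items():
        matched = {concept for concept, terms in template.items()
                   if any(term in low for term in terms)}
        if matched:
            rec.tags[cwe] = matched
    return rec


def characteristics(path: str) -> set[str]:
    """Characteristics of a resource: its module (directory) and file-name tokens.

    This is the example's stand-in for the 'characteristics of affected resources'.
    """
    parts = path.split("/")
    module = "/".join(parts[:-1])
    stem = parts[-1].rsplit(".", 1)[0]
    tokens = {t.lower() for t in re.split(r"[_\-]", stem) if t}
    return {f"module:{module}"} | {f"token:{t}" for t in tokens}


def jaccard(a: set[str], b: set[str]) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def candidates_for_inspection(records: list[Record], all_paths: list[str],
                              min_similarity: float = 0.3) -> list[tuple[str, str, float]]:
    """Tag the records, treat resources carrying a CWE tag as known-vulnerable, and
    return untagged resources whose characteristics resemble a vulnerable one as
    (candidate path, most similar vulnerable path, similarity), best matches first."""
    vulnerable = {r.path for r in map(tag_record, records) if r.tags}
    if not vulnerable:
        return []
    out = []
    for path in all_paths:
        if path in vulnerable:
            continue
        score, nearest = max((jaccard(characteristics(path), characteristics(v)), v)
                             for v in vulnerable)
        if score >= min_similarity:
            out.append((path, nearest, round(score, 2)))
    return sorted(out, key=lambda c: -c[2])


# Constructed records in the style of a web server's commit log (not real Apache history).
CONSTRUCTED_RECORDS = [
    Record("modules/http/http_protocol.c",
           "Fix buffer overflow in header parsing: missing bounds check on the "
           "request line could crash the server"),
    Record("modules/generators/mod_autoindex.c",
           "Escape directory listing output to prevent cross-site scripting"),
    Record("NOTICE", "Update copyright year"),
]

# Constructed inventory of resources in the repository.
ALL_PATHS = [
    "modules/http/http_protocol.c", "modules/http/http_request.c",
    "modules/generators/mod_autoindex.c", "modules/generators/mod_status.c",
    "server/util.c", "include/httpd.h", "NOTICE",
]


def run_example() -> list[tuple[str, str, float]]:
    return candidates_for_inspection(CONSTRUCTED_RECORDS, ALL_PATHS)


if __name__ == "__main__":
    for rec in CONSTRUCTED_RECORDS:
        print(rec.path, tag_record(rec).tags)
    for cand, nearest, score in run_example():
        print(f"inspect {cand}: resembles vulnerable {nearest} (similarity {score})")
```

On the constructed input, the header-parsing fix is tagged with all four CWE-119 concepts, the directory-listing fix with the CWE-79 resource and weakness concepts, and the copyright change with nothing; the two untagged files sharing a module and a name token with a tagged file (http_request.c, mod_status.c) are then nominated for inspection. A real template would carry far richer relations than flat term lists, and substring matching is a deliberately crude tagger; the structure of the pipeline, not the matching, is the point.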