Abstract
Known security vulnerabilities can be introduced in software systems as a result of being dependent upon third-party components. These documented software weaknesses are 'hiding in plain sight' and represent low hanging fruit for attackers. In this paper we present the Vulnerability Alert Service (VAS), a tool-based process to track known vulnerabilities in software systems throughout their life cycle. We studied its usefulness in the context of external software product quality monitoring provided by the Software Improvement Group, a software advisory company based in Amsterdam, the Netherlands. Besides empirically assessing the usefulness of the VAS, we have also leveraged it to gain insight and report on the prevalence of third-party components with known security vulnerabilities in proprietary applications.
Cite
CITATION STYLE
Cadariu, M., Bouwers, E., Visser, J., & Van Deursen, A. (2015). Tracking known security vulnerabilities in proprietary software systems. In 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering, SANER 2015 - Proceedings (pp. 516–519). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SANER.2015.7081868
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
