DocumentCode :
1418782
Title :
SAVI: Static-Analysis Vulnerability Indicator
Author :
Walden, James ; Doyle, Maureen
Volume :
10
Issue :
3
fYear :
2012
Firstpage :
32
Lastpage :
39
Abstract :
Open source software presents new opportunities for software acquisition but introduces risks. The selection of open source applications should take into account both features and security risks. Risks include security vulnerabilities, of which published vulnerabilities are only the tip of the iceberg. Having an application's source code lets us look deeper at its security. SAVI (Static-Analysis Vulnerability Indicator) is a metric for assessing risks of using software built by external developers. It combines several types of static-analysis data to rank application vulnerability.
Keywords :
program diagnostics; public domain software; security of data; SAVI; Web browsers; application vulnerability; external developers; open source software; security risks; security vulnerabilities; software acquisition; source code; static-analysis vulnerability indicator; Computer security; Databases; Organizations; Software engineering; Web sites; Web application security; computer security; empirical software engineering; static analysis;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
ieee
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2012.1
Filename :
6127854
Link To Document :