Title :
Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs
Author :
Byers, David ; Ardi, Shanai ; Shahmehri, Nahid ; Duma, Claudiu
Author_Institution :
Dept. of Comput. & Inf. Sci., Linkopings Universitet, Linkoping
Abstract :
When vulnerabilities are discovered in software, which often happens after deployment, they must be addressed as part of ongoing software maintenance. A mature software development organization should analyze vulnerabilities in order to determine how they, and similar vulnerabilities, can be prevented in the future. In this paper we present a structured method for analyzing and documenting the causes of software vulnerabilities. Applied during software maintenance, the method generates the information needed for improving the software development process, to prevent similar vulnerabilities in future releases. Our approach is based on vulnerability cause graphs, a structured representation of causes of software vulnerabilities
Keywords :
safety-critical software; software maintenance; software development organization; software maintenance; software security; software vulnerability modeling; vulnerability cause graphs; Computer worms; Data security; Databases; Information analysis; Information science; Information security; National security; Programming; Software maintenance; Software performance; software security; vulnerability modeling;
Conference_Titel :
Software Maintenance, 2006. ICSM '06. 22nd IEEE International Conference on
Conference_Location :
Philadelphia, PA
Print_ISBN :
0-7695-2354-4
DOI :
10.1109/ICSM.2006.40
