Title :
Software Vulnerability Assessment Version Extraction and Verification
Author :
Boldt, Martin ; Carlsson, Bengt ; Martinsson, Roy
Author_Institution :
Blekinge Inst. of Technol., Ronneby
Abstract :
Software vendors do not regularly label their products with the exact software version. This is contrary to branded household products, where model numbers and serial numbers allow the consumer to identify the product and get assistance if something goes wrong. We investigated version and product information within 8468 different software programs, where freeware and shareware showed a considerable lack of relevant information. A tool is proposed for identifying relevant version information and for verifying potential threats matched against a software vulnerability database. We suggest that software vendors in the future conform to general conventions of storing version information in a standardized way.
Keywords :
DP industry; program verification; security of data; freeware; product information; shareware; software vendors; software vulnerability assessment; version extraction; version verification; Application software; Computer security; Data security; Databases; Information security; Open source software; Software engineering; Software tools;
Conference_Title :
Software Engineering Advances, 2007. ICSEA 2007. International Conference on
Conference_Location :
Cap Esterel
Print_ISBN :
0-7695-2937-2
Electronic_ISBN :
978-0-7695-2937-0
DOI :
10.1109/ICSEA.2007.64