An analysis of the vulnerability discovery process in web browsers

Proceedings of the 10th IASTED International Conference on Software Engineering and Applications, SEA 2006

Volumn , Issue , 2006, Pages 172-177

  Woo, Sung Whan ^a   Alhazmi, Omar H ^a   Malaiya, Yashwant K ^a  

^a Department of Computer Science   (United States)

Author keywords

Firefox; Internet explorer; Mozilla; Vulnerability; Web browser

Indexed keywords

INTERNET; RISK ASSESSMENT; SECURITY OF DATA; SOFTWARE TESTING;

FIREFOX; INTERNET EXPLORERS; MOZILLA; VULNERABILITY;

WEB BROWSERS;

EID: 38049138451     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. A. Kumar, Phishing - a new age weapon. Tech. rep., Open Web Application Security Project (OWASP), 2005.
2. E. E. Schultz, Internet Explorer Security: is there any hope? Network Security, Vol. 2005, issue 1,1 (Jan. 2005), pp 6-10.
3. R. Naraine, Zero-day firefox exploit sends mozilla scrambling. http://www.eweek.com/, May 2005.
4. A. Moshchuk, T. Bragin, S. D. Gribble , and H. M. Levy, A crawler-based study of spyware on the web. The 13th Annual Network & Distributed System Security Symposium (2006).
5. W. Dormann, and J. Rafail, Securing your web browser. Tech. rep., CERT Coordination Center, 2006.
6. B. Krebs, Real world impact of IE flaw, Brian Krebs on Computer Security, http://blog.washingtonpost.com /securityfix/2006/04/ real_world_impact_of_internet_1.html, Posted April 3, 2006.
7. CERT Advisory CA-2001-26 Nimda Worm. http://www.cert.org/advisories/CA- 2001-26.html, April 2006.
8. nd IEEE International Symposium on Dependable Autonomic and Secure Computing, (Sep 2006).
9. R. Anderson, Security in open versus closed systems - the dance of Boltzmann, Coase and Moore. In Conf. on Open Source Software: Economics, Law and Policy (2002), pp. 1-15.
10. E. Rescorla, Is finding security holes a good idea? IEEE Security and Privacy 03, 1 (2005), 14-19.
11. O. H. Alhazmi and Y. K. Malaiya, "Quantitative Vulnerability Assessment of Systems Software," Proceedings of 51st Reliability and Maintainability Symposium, Alexandria, Virginia, U.S.A, January 23-27 2005 .pp. 615-621.
12. O. H. Alhazmi, and Y. K. Malaiya, Modeling the vulnerability discovery process. Proc. 16"' International Symposium on Software Reliability Engineering (Nov. 2005), pp. 129-138.
13. O. H. Alhazmi and Y. K. Malaiya, "Prediction Capabilities of Vulnerability Discovery Models," Proceedings of 52nd Reliability and Maintainability Symposium, Newport Beach, California, January 23-26 2006, pp.86-91.
14. National Vulnerability Database, http://nvd.nist.gov/, April 2006.
15. Net Applications, http://www.netapplications.com/, April 2006.
16. SLOCCount,http://www.dwheeler.com/sloccount/,October2006
17. T. Aslam, I. Krsul, and E. Spafford, "Use of a taxonomy of security faults," in Proc. 19th NIST-NCSC Nat. Information Systems Security Conf, 1996, pp. 551-560.
18. M. Bishop, Vulnerability analysis. Proc. Und Int. Symp. on Recent Advances in Intrusion Detection (Sep 1999), pp. 125-136.
19. R. Gopalakrishna, E. Spafford, and J. Vitek, Vulnerability likelihood: a probabilistic approach to software assurance. Tech rep., CERIAS, 2005
20. C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi, A taxonomy of computer program security flaws. ACM Comput. Surv. 26, 3 (1994), pp. 211-254.
21. R. C. Seacord, and A. D. Householder, Structured approach to classifying vulnerabilities. Tech rep., CMU/SE1-2005-TN-003, Carnegie Mellon, 2005.
22. E. E. Schultz, D. S. Brown, and T. Longstaff A. Responding to computer security incidents. Tech rep., Lawrence Livemore National Laboratory, July 1990.
23. Secunia, http://secunia.com/, April 2006.
24. Seacord, R. C. Secure Coding in C and C++. Addison Wisely, 2005.