Using semantic templates to study vulnerabilities recorded in large software repositories

Proceedings - International Conference on Software Engineering

Volumn , Issue , 2010, Pages 22-28

  Wu, Yan ^a   Gandhi, Robin A ^a   Siy, Harvey ^a  

^a UNIVERSITY OF NEBRASKA AT OMAHA   (United States)

Author keywords

buffer overflow; CVE; CWE; fix patterns; ontology; semantic template; software repository; vulnerability

Indexed keywords

APACHE WEB SERVER; BUFFER OVERFLOWS; MULTIPLE COMPONENTS; ONTOLOGY SEMANTICS; OPEN PROBLEMS; SOFTWARE COMPONENT; SOFTWARE DEVELOPMENT; SOFTWARE PROJECT; SOFTWARE REPOSITORIES;

BUFFER STORAGE; COMPUTER SOFTWARE; ONTOLOGY; SEMANTICS; VERIFICATION;

SOFTWARE DESIGN;

EID: 77954606254     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1809100.1809104     Document Type: Conference Paper

References (13)

1. Bevan, J., Whitehead, E.J., Kim, S., Godfrey, M., "Facilitating Software Evolution Research with Kenyon." Proc. of 13th Foundations of Software Engg., Sept. 2005.
2. CAN-2004-0492, Common Vulnerability Enumeration Description, cve.mitre.org
3. Christey, S.M, Harris, C.O., Kenderdine, J.E., Miles, B., "Common Weaknesses Enumeration v 1.6," cwe.mitre.org.
4. Common Vulnerability Enumeration, cve.mitre.org
5. Gennari, J., Musen, M., et al., "The evolution of Protégé-2000: An environment for knowledge-based systems development." Human-Computer Studies, 58(1), 2003.
6. Gruber. T., "A Translation Approach to Portable Ontologies," Knowledge Acquisition 5,2, 199-299, 1993.
7. Kiefer, C., Bernstein, A., Tappolet. J., "Mining software repositories using iSPARQL and a software evolution ontology." 4th Int'l Workshop on Mining Soft. Repo. 2007.
8. Kim, S., et al. "TA-RE: an Exchange Language for Mining Software Repositories." 3rd Int'l Workshop on Mining Soft. Repo. 2006.
9. Pan, K., Kim, S., Whitehead, E.J., "Toward an understanding of bug fix patterns." Empirical Software Engineering 14:286-315, 2009.
10. Riley, H.N., "The von Neumann Architecture of Computer Systems," Computer Science Department, California State Polytechnic University, September, 1987.
11. van Vleck, T., "Three questions about each bug you find." SIGSOFT Softw. Eng. Notes 14, 5 (Jul. 1989), 62-63.
12. Viega, J., McGraw, G., "Building Secure Software: How to Avoid Security Problems the Right Way", Addison Wesley, 2002
13. W3C. OWL Web Ontology Language reference. W3C Recommendation, Feb. 2004.