Empirical results on the study of software vulnerabilities (NIER track)

Proceedings - International Conference on Software Engineering

Volumn , Issue , 2011, Pages 964-967

  Wu, Yan ^a   Siy, Harvey ^a   Gandhi, Robin ^a  

^a UNIVERSITY OF NEBRASKA AT OMAHA   (United States)

Author keywords

buffer overflow; experiment; repository; software vulnerability

Indexed keywords

BODY OF KNOWLEDGE; BUFFER OVERFLOWS; EMPIRICAL RESULTS; MANUAL INSPECTION; REPOSITORY; SOFTWARE ASSURANCE; SOFTWARE VULNERABILITIES; SOFTWARE VULNERABILITY;

EXPERIMENTS; SEMANTICS;

SOFTWARE DESIGN;

EID: 79959888787     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1985793.1985960     Document Type: Conference Paper

References (18)

1. Abbott, R.P., Chin, J.S. et al. The RISOS Project. Lawrence Livermore Lab TR NBSIR-76-1041,1976.
2. Aslam. Y. A Taxonomy of Security Faults in the UNIX Operating System. Purdue University, August 1995.
3. Bisbey, R. and Hollingworth, D. Protection Analysis: Final Report. ARPA ORDER NO. 2223, ISI/SR-78-13 May 1978.
4. Bishop, M. A Taxonomy of UNIX System and Network Vulnerabilities. UC Davis, CSE-95-10, May 1995.
5. CVE - Common Vulnerabilities and Exposures. http://cve.mitre.org.
6. CWE - Common Weakness Enumeration Version 1.6. 29 Oct. 2009. The MITRE Corporation. http://cwe.mitre.org/.
7. Gandhi, R. A. Siy, H., and Wu, Y. Studying Software Vulnerabilities. CrossTalk, September/October 2010.
8. Gandhi, R. A. Studying Software Vulnerabilities (companion Website). http://faculty.ist.unomaha.edu/rgandhi/st/
9. Howard, M, LeBlanc, D., Viega. J. 19 Deadly Sins of Software Security Programming Flaws and How to Fix Them, 2005.
10. Judd, C., et al. Research Methods in Social Relations. 1991.
11. Landwehr, C., et al. A Taxonomy of Computer Program Security Flaws with Examples. ACM Computing Surveys 26, 3, Sept., 1994
12. National Vulnerability Database. http://nvd.nist.gov/
13. Shapiro, S. et al. An analysis of variance test for normality, 1965.
14. The Apache HTTP Server Project. http://httpd.apache.org
15. The Ten Most Critical Web Application Security Vulnerabilities. The Open Web Application Security Project (OWASP), 2007.
16. Web Application Security Consortium 2005.
17. Weber, S. et al. A Software Flaw Taxonomy: Aiming Tools at Security. (SESS'05) St. Louis, Missouri, June 2005.
18. Wu,Y., Gandhi, R.A., and Siy, H. Using Semantic Templates to Study Vulnerabilities Recorded in Large Software Repositories. In Proc. 6th Intl. Workshop on Software Engineering for Secure Systems (SESS'10), South Africa, Cape Town. 2010.