SAVI: Static-Analysis vulnerability indicator

IEEE Security and Privacy

Volumn 10, Issue 3, 2012, Pages 32-39

  Walden, James ^a   Doyle, Maureen ^a  

^a NORTHERN KENTUCKY UNIVERSITY   (United States)

Author keywords

computer security; empirical software engineering; static analysis; Web application security

Indexed keywords

EMPIRICAL SOFTWARE ENGINEERING; OPEN SOURCE APPLICATION; OPEN SOURCE SOFTWARE; SECURITY RISKS; SECURITY VULNERABILITIES; SOFTWARE ACQUISITION; SOURCE CODES; VULNERABILITY INDICATORS; WEB APPLICATION SECURITY;

RISKS; SEA ICE; SECURITY OF DATA; SOFTWARE ENGINEERING;

STATIC ANALYSIS;

EID: 84863493887     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2012.1     Document Type: Article

References (7)

1. IBM Security Solutions, "X-Force 2009 Trend and Risk Report," Feb. 2010; www-935.ibm.com/services/us/iss/xforce/trendreports.
2. S. Walli, D. Gynn, and B. Rotz, The Growth of Open Source Software in Organizations, tech. report, Optaros, 2005; http://dirkriehle.com/wp-content/ uploads/2008/03/wp-optaros-oss-usage-in-organizations.pdf.
3. "BuiltWith Technology Usage Statistics," BuiltWith, 15 Sept. 2011; http://trends.builtwith.com.
4. A. Ross, "Mass SQL Injection's Evolution," Cybersecurity Report, 28 Apr. 2010; http://cybersecurityreport.nextgov.com/2010/04/mass-sql- injections-evolution.php.
5. F. Massacci and V.H. Nguyen, "Which Is the Right Source of Vulnerability Studies? An Empirical Analysis on Mozilla Firefox," Proc. 6th Int'l Workshop Security Measurement and Metrics (MetriSec 10), ACM, 2010, article 4
6. J. Walden et al., "Security of Open Source Web Applica-tions," Proc. 3rd Int'l Symp. Empirical Soft ware Eng. and Measurement, IEEE CS, 2009, pp. 545-553.
7. M. Doyle and J. Walden, "An Empirical Study of the Evo-lution of PHP Web Application Security," Proc. 3rd Int'l Workshop Security Measurements and Metrics, IEEE CS, 2011, pp. 11-20.