First principles vulnerability assessment
2010
Proceedings of the 2010 ACM workshop on Cloud computing security workshop - CCSW '10
We are now using the results of this comparison study to guide our future research into improving automated software assessment. ...
FPVA finds new threats to a system and is not dependent on a list of known threats. Manual assessment is labor-intensive, making the use of automated assessment tools quite attractive. ...
Our special thanks to TASC Inc. for their help in validating and extending our study of automated analysis tools. ...
doi:10.1145/1866835.1866852
dblp:conf/ccs/KupschMHC10
fatcat:xxusme4w4nbpvoblttwtqren54
The Coming Era of AlphaHacking? A Survey of Automatic Software Vulnerability Detection, Exploitation and Patching Techniques
[article]
2018
arXiv
pre-print
In this paper, we give an extensive survey of former representative works related to the underlying technologies of a CRS, including vulnerability detection, exploitation and patching. ...
Utilizing automated system to detect, exploit and patch software vulnerabilities seems so attractive because of its scalability and cost-efficiency compared with the human expert based solution. ...
At the same time, software security is becoming an emerging worldwide challenge. Software vulnerabilities are one of the root causes of security problems. ...
arXiv:1805.11001v2
fatcat:uh5ndhgmt5gpdk4opritn5fnsq
Proposed T-Model to cover 4S quality metrics based on empirical study of root cause of software failures
2019
International Journal of Electrical and Computer Engineering (IJECE)
A survey of more than 50 senior IT professionals was done to understand root cause of their software project failures. ...
There are various root causes of software failures. Few years ago, software used to fail mainly due to functionality related bugs. ...
IT INDUSTRY SURVEY A survey of 50 senior IT professionals was done to know root cause of software failures and to figure out which phase is most time consuming. ...
doi:10.11591/ijece.v9i2.pp1122-1130
fatcat:p3z2coovzfdgfou5qau2r7nthe
Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries
[article]
2022
arXiv
pre-print
The findings of this study can assist developers in having a better understanding of software security vulnerabilities across different ML libraries and gain a better insight into their weaknesses of them ...
To do so, in total, we collected 596 security-related commits to exploring five major factors: 1) vulnerability types, 2) root causes, 3) symptoms, 4) fixing patterns, and 5) fixing efforts of security ...
Availability We make the dataset and source code of our experiments available at https://cse19922021.github.io/Deep-Learning-Security-Vulnerabilities/. ...
arXiv:2203.06502v1
fatcat:5kdx4h44w5h4jmzvlp34l63ije
Vulnerabilities as Blind Spots in Developer's Heuristic-Based Decision-Making Processes
2014
Proceedings of the 2014 workshop on New Security Paradigms Workshop - NSPW '14
ABSTRACT Despite the security community's emphasis on the importance of building secure software, the number of new vulnerabilities found in our systems is increasing. ...
This paper discusses a new hypothesis to explain this problem and introduces a new security paradigm where software vulnerabilities are viewed as blind spots in developer's heuristic-based decision-making ...
Acknowledgments We would like to thank our shepherd Julie Boxwell Ard for guidance in writing the pre-proceeding version of the paper and to the NSPW 2014 anonymous reviewers for valuable feedback. ...
doi:10.1145/2683467.2683472
dblp:conf/nspw/CapposZORY14
fatcat:hsoxemyshjgijlm3g5k6zcolgu
A Survey Report on Security for Testing Phase of Software Development Process
English
2014
International Journal of Research and Applications
Given the need and significance of phased approach of security testing, this article proposes a prescriptive framework elaborating security testing activities to be carried out while integrating it within ...
Software security test process elaborates various testing activities and describes which activity is to be carried out when. ...
It appears feasible that a majority of software vulnerabilities to be traced back to a relatively small number of causes, if addressed security testing at development process. ...
doi:10.17812/ijra.1.1(2)2014
fatcat:hw7yin7gr5g4xcbr2byhur6hmy
DMAT : A New Network and Computer Attack Classification
2013
Journal of Engineering Science and Technology Review
With the rapid development of computer network and information technology, the Internet has been suffering from a variety of security attacks over the past few years. ...
In this paper, we study computer and network attacks, and introduce a classification of them and propose a cyber attack classification called DMAT (Defense-oriented Multidimensional Attack Taxonomy). ...
The worm spread itself using a common type of vulnerability known as a buffer overflow. ...
doi:10.25103/jestr.065.15
fatcat:xjyczrphizhs3dmh2ckgzluqxm
Root Kits
2004
ACM SIGOPS Operating Systems Review
This paper is a survey of the works of root kits from an operating systems point of view. ...
Root Kits are tool boxes containing a collection of highly skilled tools for attacking computer systems. ...
Summary The starting point of this paper was a survey of the works of root kits. ...
doi:10.1145/974104.974105
fatcat:zw5c227c7rdpzmq7rmo5e3w2vq
Mechanisms Of Internet Security Attacks
2008
Zenodo
Internet security attack could endanger the privacy of World Wide Web users and the integrity of their data. ...
In this paper, various types of internet security attack mechanisms are explored and it is pointed out that when different types of attacks are combined together, network security can suffer disastrous ...
Root Kits A root kit is a piece of software that, once installed on a victim's machine, opens up a port to allow a hacker to communicate with the machine and take full control of the system. ...
doi:10.5281/zenodo.1327923
fatcat:dslh65n5hzbebkttko5tahf5wm
Security Testing of Web Applications: Issues and Challenges
2014
International Journal of Computer Applications
Fonseca Jose et al. (2008) [14] focuses on the root cause of most security attacks are the vulnerabilities created by the ...
Due to the rising explosion in the security vulnerabilities, there occurs a need to understand its unique challenges and issues which will eventually serve as a useful input for the security testing tool ...
security testing of web applications. [5] Automatic Test Approach of Web Application for Security (AutoInspect Fonseca Jose et al. (2008) [14] focuses on the root cause of most security attacks are the ...
doi:10.5120/15334-3667
fatcat:d6l2nmlvwjakfax535ngwmptyu
The Intelligent Software Systems: The Practical Implementation of Software Security Vulnerabilities Detection Modeling
2020
OALib
There are a number of skills that are required and used to make good software. ...
This paper presents a description of security objectives and best algorithms to address vulnerability issues to provide better results from planned attacks. ...
Conflicts of Interest The authors declare no conflicts of interest regarding the publication of this paper. ...
doi:10.4236/oalib.1106831
fatcat:cmnozyi76bbsvi76awficx4bea
Software analysis for security
2008
2008 Frontiers of Software Maintenance
This is a survey of the processes, practices, and technologies that can help software maintenance engineers improve the security of software systems. ...
In addition to surveying the state-of-the-art, research challenges pertaining to software security are posed to the software maintenance research community. ...
A worse scenario would involve the exploiting of a security vulnerability to gain root access to the operating system of the device. ...
doi:10.1109/fosm.2008.4659254
fatcat:lvh7wsvj7rbkfkdv5on762agva
Knowledge representation standards and interchange formats for causal graphs
2005
2005 IEEE Aerospace Conference
In many domains, automated reasoning tools must represent graphs of causally linked events. ...
We survey existing practice and emerging interchange formats in each of these fields. ...
Root cause analysis allows inclusion of causes that were not present in the actual sequence - alternative conditions which could have caused or prevented the loss, if they had been present. ...
doi:10.1109/aero.2005.1559747
fatcat:p2z7pgrmybgkfjudkl525pz6jq
Analyzing and defending against web-based malware
2013
ACM Computing Surveys
First, we study the attack model, the root-cause, and the vulnerabilities that enable these attacks. Second, we analyze the status quo of the web-based malware problem. ...
In this paper, we survey the state-of-the-art research regarding the analysis of - and defense against - web-based malware attacks. ...
operate by addressing one or more of the root causes. 2.4.1. ...
doi:10.1145/2501654.2501663
fatcat:kvmuw7n5wzcq5e4jtpxovxwmue
Vulnerability Assessment in Autonomic Networks and Services: A Survey
2014
IEEE Communications Surveys and Tutorials
We focus in this survey on the assessment of vulnerabilities in autonomic environments. ...
Autonomic networks and services are exposed to a large variety of security risks. ...
While each network device may present a secure state, a combination of them may cause a distributed vulnerable state across the network. ...
doi:10.1109/surv.2013.082713.00154
fatcat:r6zfjuo4vreujkhd7ao2pjmicy