
Analyses of Two End-User Software Vulnerability Exposure Metrics

Jason L. Wright, Miles McQueen, Lawrence Wellman
2012 2012 Seventh International Conference on Availability, Reliability and Security  
To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD).  ...  Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over  ...  Summary of contributions We focus on the end-user software vulnerability exposure from individual products by defining two new end-user metrics and we use these two metrics in a case study of four browsers  ... 
doi:10.1109/ares.2012.33 dblp:conf/IEEEares/WrightMW12 fatcat:mpl4xz6dwvbvxefpmhmjgpkory

Analyses of two end-user software vulnerability exposure metrics (extended version)

Jason L. Wright, Miles McQueen, Lawrence Wellman
2013 Information Security Technical Report  
Reliable software vulnerability metrics allow end-users to make informed decisions regarding the risk posed by the choice of one software package versus another.  ...  Understanding the exposure risk of software vulnerabilities is an important part of the software ecosystem.  ...  Conclusions and Future Work Two new software vulnerability exposure metrics were proposed with the end-user in mind.  ... 
doi:10.1016/j.istr.2013.02.002 fatcat:b7gwgs24g5duhgiligm32lgery

CrawVulns - A Software Solution for Vulnerabilities Analysis

2020 Informatică economică  
This paper presents known threats and vulnerabilities related to mobile applications and proposes a software solution for vulnerabilities analyses (CrawVulns) that aims to help eliminate or mitigate security  ...  Most of the mobile applications connect to external servers that process and store users' data.  ...  Acknowledgments Parts of this research have been published in the Proceedings of the 18th International Conference on Informatics in Economy, IE 2019 [14].  ... 
doi:10.24818/issn14531305/24.1.2020.04 fatcat:ojwfco5z2nguhdfmzwjzbnmycy

Quantitative Risk Assessment in Major Smartphone Operating Systems in Asian Countries

HyunChul Joh
2014 Journal of Korea Multimedia Society  
In this paper, we try to calculate relative risk levels triggered by software vulnerabilities from unsecured smartphone operating systems (Android and iOS) among 51 Asian countries.  ...  For a large scale risk evaluation, a qualitative assessment is a never ending task.  ...  In this paper, we attempt to measure smartphone ecosystem risk levels in Asia countries based on software security vulnerabilities in end-user smartphone OSes.  ... 
doi:10.9717/kmms.2014.17.12.1494 fatcat:d26tnggbozgsbglrb3lvare33e

Information assurance: a cyber security storm map

Denise Ferebee, Dipankar Dasgupta, Qishi Wu
2014 International Journal of Information Privacy Security and Integrity  
In this article, we will discuss how to apply a visualisation and event correlation tool to facilitate the analysis of data, understanding of data, and dissemination of information to all affected parties  ...  The visualisation shows an overall view of security events or storms that are occurring on a network while providing information in reference to severity and a propagation pattern.  ...  We have chosen to use the National Vulnerability Database (NVD, 2012; Common Vulnerabilities and Exposures, 2010) and the Common Vulnerability Scoring System (CVSS, 2010) because security device, software  ... 
doi:10.1504/ijipsi.2014.062865 fatcat:piqf73ese5gtdobybthrln5tea

Developing Secure Systems: A Comparative Study of Existing Methodologies

Bandar M. Alshammari, Colin J. Fidge, Diane Corney
2016 Lecture Notes on Software Engineering  
At the end of this paper, we provide a discussion of these three approaches and how they can be used to provide guidance for future secure software development processes.  ...  It also provides an introduction to general software quality measurements including existing software security metrics.  ...  The influence of these metrics on finding software weaknesses at the design stage of a program was analysed by Subramanyam and Krishnan [28] .  ... 
doi:10.7763/lnse.2016.v4.239 fatcat:3leyw5pr5ne2zgwu5ncoi6ehy4

Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems

Reijo M. Savola
2014 Lecture Notes on Software Engineering  
This paper analyzes the factors contributing to security effectiveness of software-intensive systems.  ...  Abstract-Adequate information security effectiveness during system operation is the ultimate goal of all security solutions for software-intensive systems.  ...  The increased exposure of software-intensive systems has coincided with attackers' increased awareness of the multitude of vulnerabilities present in software [1].  ... 
doi:10.7763/lnse.2014.v2.104 fatcat:vx2gmg2lerdixm57blrfok3bti

An open platform to assess vulnerabilities to climate change: An application to agricultural systems

Ulrich Eza, Anastasiya Shtiliyanova, David Borras, Gianni Bellocchi, Pascal Carrère, Raphaël Martin
2015 Ecological Informatics  
We describe a model-based open platform to assess vulnerabilities of agricultural systems to climate change on pixel-wise data.  ...  ), soils and human management, and is then used to assess the vulnerability to climate change of grassland productivity (downscaled to a fine scale).  ...  Acknowledgments The software platform was developed with funding from a grant (Bourse Recherche Filière) of the region Auvergne of France and FEDER (European Regional Development Fund), and within the  ... 
doi:10.1016/j.ecoinf.2015.10.009 fatcat:pytjflpjtndcxhcgt77sy56j5q

Extended Vulnerability Feature Extraction Based on Public Resources

Yulia Tatarinova, Olga Sinelnikova
2019 Theoretical and Applied Cybersecurity  
The focus of this research is to define a framework that automatically analyses Common Vulnerabilities and Exposures (CVE) from public and disclosed resources and makes mapping to the target computer system  ...  We evaluated and improved each obtaining approaches on the recent set of security vulnerabilities (2018 year database). Comparison obtained results with results of manual expert analysis is proved.  ...  This algorithm returns the representation each binary as a set of functions , dependencies and crossreferences graph : = − ( ) = ⋃︁ =1 ( , , ). . ( → ) 7: . ( → ) 8: end for 9: end for We generate two  ... 
doi:10.20535/tacs.2664-29132019.1.169085 fatcat:4z2dfcpqcjaerppoawcwp6saje

The technological 'exposure' of populations; characterisation and future reduction

Lindsay J. Robertson
2020 Futures : The journal of policy, planning and futures studies  
A theoretical basis for reducing population exposure is developed from the basic concepts of technological exposure.  ...  This paper demonstrates how the concept of technological exposure can be extended to generic needs of individuals, and further to the needs of populations of individuals and even as far as "existential  ...  In this situation, end-user technological vulnerability becomes significant, but quantifying the extent and nature of such vulnerabilities have been hindered by the complexity of the analysis (Haimes  ... 
doi:10.1016/j.futures.2020.102584 pmid:32523162 pmcid:PMC7255209 fatcat:uqhdjyg325crlg3gryfxoyuaba

A Methodology for Security Classification applied to Smart Grid Infrastructures

Manish Shrestha, Christian Johansen, Josef Noll, Davide Roverso
2020 International Journal of Critical Infrastructure Protection  
various exposure aspects of the system and the respective protection mechanisms implemented; without looking at attackers.  ...  As a consequence, the methods should also look more at the functionalities (exposure/protection) of the system than at the possible attacks.  ...  This work is funded by eSmart Systems AS and the Research Council of Norway through the projects IoTSec -"Security in IoT for Smart 48 GSN, "GSN Standard". .  ... 
doi:10.1016/j.ijcip.2020.100342 fatcat:6urk2mserjgavdn56bugqjw3mi

MyHealthMyData (MHMD): Deliverable 5.4 - MHMD Security Infrastructure

Enrico Cambiaso, Ivan Vaccari, Maurizio Aiello, Elisabetta Punta, Alexandre Flament
2018 Zenodo  
Also, the design of the ad-hoc MHMD distributed Intrusion Detection System (MHMD-dIDS) aimed to protect the MHMD system from cyber-threats is proposed, by deeply analysing the current architecture and  ...  to guarantee protection of the system.  ...  In particular, bad software programming may lead to the exposure of software bugs, with consequent exposure to cyber-attacks [Bellissimo, 2006] .  ... 
doi:10.5281/zenodo.2538112 fatcat:waopplj4r5hjzkwq4cnlijcvvm

Riski: A Framework For Modeling Cyber Threats To Estimate Risk For Data Breach Insurance

Angeliki Panou, Christoforos Ntantogian, Christos Xenakis
2017 Zenodo  
This was mainly due to a lack of readily available data on cyber incidents impacts and systematic methodology to support the efficacy of cyber investments.  ...  ways that potential cyber risks can affect the operation of a business.  ...  ACKNOWLEDGMENTS This research has been funded by the European Commission as part of the ReCRED project (Horizon H2020 Framework Programme of the European Union under GA number 653417).  ... 
doi:10.5281/zenodo.1195988 fatcat:f6deud4gtjchbavrqryj53gn4q

Security Metrics for the Android Ecosystem

Daniel R. Thomas, Alastair R. Beresford, Andrew Rice
2015 Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices - SPSM '15  
We define the FUM security metric to rank the performance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities.  ...  The security of Android depends on the timely delivery of updates to fix critical vulnerabilities.  ...  INTRODUCTION All large software systems today contain undiscovered security vulnerabilities.  ... 
doi:10.1145/2808117.2808118 dblp:conf/ccs/ThomasBR15 fatcat:2oddf6356jd2piwc4w52jcgz6m

On the Combination of Static Analysis for Software Security Assessment – A Case Study of an Open-Source e-Government Project

Anh Nguyen-Duc, Manh-Viet Do, Quan Luong-Hong, Kiem Nguyen-Khac, Hoang Truong-Anh
2021 Advances in Science, Technology and Engineering Systems  
In this work, we reported a longitudinal case study of adopting SAST as a part of a human-driven security assessment for an open-source e-government project.  ...  Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering.  ...  Acknowledgement This paper is supported by Vietnam Ministry of Science and Technology under the project "Secured Open source-software Repository for E-Government", number KC.01.16/16-20.  ... 
doi:10.25046/aj0602105 fatcat:xrt5b3znwrhuxkffedzxqgkmfu