scholarly journals Introduction to the Minitrack on Cybersecurity and Software Assurance

2022 ◽  
Author(s):  
Richard George ◽  
Thomas Llanso ◽  
Luanne Chamberlain
Keyword(s):  
Software Assurance

Mobile Software Assurance Informed through Knowledge Graph Construction: The OWASP Threat of Insecure Data Storage

2020 ◽  
Vol 2 (2) ◽  
Author(s):  
Suzanna Schmeelk ◽  
Lixin Tao
Keyword(s):  
Data Storage ◽  
Program Analysis ◽  
Web Application ◽  
Security Analysis ◽  
Knowledge Graph ◽  
Healthcare Applications ◽  
Sensitive Data ◽  
Knowledge Graphs ◽  
Mobile Malware Detection ◽  
Software Assurance

Many organizations, to save costs, are movinheg to t Bring Your Own Mobile Device (BYOD) model and adopting applications built by third-parties at an unprecedented rate.  Our research examines software assurance methodologies specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention.  This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP).  OWASP maintains lists of the top ten security threats to web and mobile applications.  We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code.  We analyze 200+ healthcare applications from GitHub to gain an understanding of their software assurance of their developed software for one of the OWASP top ten moble threats, the threat of “Insecure Data Storage.”  We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places leaving users exposed to higher risks for the loss of their sensitive data.

scholarly journals Application of Seq2Seq Models on Code Correction

2021 ◽  
Vol 4 ◽  
Author(s):  
Shan Huang ◽  
Xiao Zhou ◽  
Sang Chin
Keyword(s):  
Transfer Learning ◽  
Programming Language ◽  
Computational Efficiency ◽  
Test Suite ◽  
Classification Task ◽  
Repair Rate ◽  
Error Type ◽  
Memory Efficiency ◽  
Type Classification ◽  
Software Assurance

We apply various seq2seq models on programming language correction tasks on Juliet Test Suite for C/C++ and Java of Software Assurance Reference Datasets and achieve 75% (for C/C++) and 56% (for Java) repair rates on these tasks. We introduce pyramid encoder in these seq2seq models, which significantly increases the computational efficiency and memory efficiency, while achieving similar repair rate to their nonpyramid counterparts. We successfully carry out error type classification task on ITC benchmark examples (with only 685 code instances) using transfer learning with models pretrained on Juliet Test Suite, pointing out a novel way of processing small programming language datasets.

Assimilating and Optimizing Software Assurance in the SDLC

2012 ◽  
pp. 16-34
Author(s):  
Aderemi O. Adeniji ◽  
Seok-Won Lee
Keyword(s):  
Software Development ◽  
Development Lifecycle ◽  
Secure Software ◽  
Software Development Lifecycle ◽  
Software Processes ◽  
Software Lifecycle ◽  
Software Assurance

Software Assurance is the planned and systematic set of activities that ensures software processes and products conform to requirements while standards and procedures in a manner that builds trusted systems and secure software. While absolute security may not yet be possible, procedures and practices exist to promote assurance in the software lifecycle. In this paper, the authors present a framework and step-wise approach towards achieving and optimizing assurance by infusing security knowledge, techniques, and methodologies into each phase of the Software Development Lifecycle (SDLC).

Sign in / Sign up

Export Citation Format

Share Document