Modeling and Characterizing Software Vulnerabilities

Author(s):  
Navneet Bhatt ◽  
Adarsh Anand ◽  
V. S. S. Yadavalli ◽  
Vijay Kumar

With the association of software security assurance in the development of code-based systems, software developers are relying on vulnerability discovery models to mitigate breaches by estimating the total number of vulnerabilities before they are exploited by intruders. Vulnerability Discovery Models (VDMs) provide a quantitative classification of the flaws that exist in software and that will be discovered after the software is released. In this paper, we develop a vulnerability discovery model that accumulates vulnerabilities due to the influence of previously discovered vulnerabilities. We further evaluate the proportion of previously discovered vulnerabilities along with the fraction of additional vulnerabilities detected. The quantification methodology presented in this article is accompanied by an empirical illustration on popular operating systems' vulnerability data.

Author(s):  
Swati Narang ◽  
P. K. Kapur ◽  
D. Damodaran ◽  
A. K. Shrivastava

In the last decade, we have seen enormous growth in software security related problems. This is due to the presence of bad guys who keep an eye on software vulnerabilities and create security breaches, because of which software firms face huge losses. The problem of software firms is twofold. One is to decide the optimal discovery time of a software vulnerability, and the other is to determine the optimal patching time of those discovered vulnerabilities. The optimal discovery time of a vulnerability is necessary, as not disclosing the vulnerability on time may cause serious loss in the future. On the other hand, after discovering the vulnerabilities, it is even more important to fix them. Fixing of vulnerabilities is done by patching, but when to patch the vulnerabilities is also a great concern for software firms: a delay in patching may cause more security breaches and disadoption of the software, while early patching may reduce the risk, but bad patching may increase the risk of a security breach even after the remedial patch is released. In the current work, we have proposed a bi-criterion framework for minimizing cost and risk together under risk and budgetary constraints to determine the optimal vulnerability discovery and patching times. The proposed model is validated using a real-life data set.


2020 ◽  
Vol 6 (1) ◽  
Author(s):  
Charles Weir ◽  
Awais Rashid ◽  
James Noble

Development teams are increasingly expected to deliver secure code, but how can they best achieve this? Traditional security practice, which emphasizes ‘telling developers what to do’ using checklists, processes and errors to avoid, has proved difficult to introduce. From analysis of industry interviews with a dozen experts in app development security, we find that secure development requires ‘dialectic’: a challenging dialog between the developers and a range of counterparties, continued throughout the development cycle. Analysing a further survey of 16 industry developer security advocates, we identify the six assurance techniques that are most effective at achieving this dialectic in existing development teams, and conclude that the introduction of these techniques is best driven by the developers themselves. Concentrating on these six assurance techniques, and the dialectical interactions they involve, has the potential to increase the security of development activities and thus improve software security for everyone.


2019 ◽  
Vol 4 (11) ◽  
pp. 41-45
Author(s):  
HyunChul Joh

CVSS is recognized as a de facto standard for categorizing and measuring software vulnerabilities in terms of both how easily a given security bug can be exploited and how much impact it has on a system having the vulnerability, in the sense of the three security factors. Meanwhile, since the early 2000s, quantitative risk assessments of software systems have been possible thanks to the accumulation of datasets sufficient for scientific investigation. However, many research attempts have yet to be made in the quantitative examination of software risk assessments. In this paper, we quantitatively analyze CVSS scores of vulnerabilities from the three most recent Windows products, namely Windows 7, Windows 8.1 and Windows 10. The result shows that the AML vulnerability discovery model represents the Windows vulnerability discovery trend reasonably well. Furthermore, we found explicitly that, most of the time, security bugs are compromised on systems with no authentication required. This result corresponds with the output of previous research based on Web browsers.
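The two quantitative steps in the abstract above, fitting the AML model to a cumulative vulnerability count and tabulating the CVSS v2 Authentication metric, as an added worked example; this is not code from Joh's paper or from any CVSS tooling. It assumes the Alhazmi-Malaiya Logistic form Ω(t) = B / (B·C·e^(−A·B·t) + 1) and the CVSS v2 base-score formula and metric weights from the CVSS v2 specification; the monthly series and the vectors are constructed, not Windows or CVE data. The fitter is a dependency-free pattern search, chosen so the block runs without numpy or scipy.

```python
"""Added example (not from Joh's paper): fit the Alhazmi-Malaiya Logistic (AML)
vulnerability discovery model to a constructed series of cumulative vulnerability
counts and tabulate the CVSS v2 Authentication (Au) metric over constructed base
vectors. Pure Python, no third-party dependencies."""
import math

# AML model: Omega(t) = B / (B*C*exp(-A*B*t) + 1), with B the total number of
# vulnerabilities eventually found, A a rate constant and C a shape constant.
# For fitting, reparameterise as Omega(t) = B / (D*exp(-k*t) + 1) with D = B*C
# and k = A*B; this keeps the three fitted parameters nearly independent.
def aml(t, B, D, k):
    return B / (D * math.exp(-k * t) + 1.0)

def sse(params, series):
    B, D, k = params
    return sum((aml(t, B, D, k) - y) ** 2 for t, y in series)

def fit_aml(series, max_iter=2000):
    """Least-squares fit by pattern search with multiplicative steps
    (coordinate descent in log space); deterministic, fine for dozens of points."""
    (_, y_first), (_, y_last) = series[0], series[-1]
    params = [1.2 * y_last, max(1.2 * y_last / y_first - 1.0, 1e-3), 0.1]  # B, D, k
    best, step = sse(params, series), 0.5
    for _ in range(max_iter):
        improved = False
        for i in range(3):
            for factor in (1.0 + step, 1.0 / (1.0 + step)):
                trial = list(params)
                trial[i] *= factor
                s = sse(trial, series)
                if s < best:
                    best, params, improved = s, trial, True
        if not improved:  # no coordinate move helps at this scale: refine the step
            step /= 2.0
            if step < 1e-6:
                break
    B, D, k = params
    return {"A": k / B, "B": B, "C": D / B, "k": k, "D": D, "sse": best}

def r_squared(series, fit):
    mean = sum(y for _, y in series) / len(series)
    sst = sum((y - mean) ** 2 for _, y in series)
    return 1.0 - fit["sse"] / sst

# Constructed data (not Windows data): cumulative vulnerabilities known at the end
# of months 1..36 after release, following an S-shaped discovery curve.
MONTHLY_CUMULATIVE = [
    47, 53, 58, 63, 71, 76, 84, 90, 99, 107, 115, 125,
    132, 142, 150, 160, 168, 178, 186, 194, 203, 210, 217, 225,
    231, 237, 243, 248, 253, 258, 262, 266, 269, 272, 275, 278,
]
SERIES = list(zip(range(1, 37), MONTHLY_CUMULATIVE))

# CVSS v2 base-metric weights, as published in the CVSS v2 specification.
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
CVSS2 = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": CIA, "I": CIA, "A": CIA,
}

def parse_cvss2(vector):
    """'AV:N/AC:L/Au:N/C:C/I:C/A:C' -> {'AV': 'N', ...}; rejects unknown values."""
    metrics = dict(part.split(":", 1) for part in vector.split("/"))
    for name, table in CVSS2.items():
        if metrics.get(name) not in table:
            raise ValueError(f"bad or missing {name} in {vector!r}")
    return metrics

def cvss2_base_score(vector):
    m = parse_cvss2(vector)
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * CVSS2["AV"][m["AV"]] * CVSS2["AC"][m["AC"]] * CVSS2["Au"][m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return math.floor(raw * 10 + 0.5) / 10  # round half up to one decimal

def authentication_breakdown(vectors):
    """Count vectors by Au value: how many bugs need no authentication to exploit."""
    counts = {"N": 0, "S": 0, "M": 0}
    for v in vectors:
        counts[parse_cvss2(v)["Au"]] += 1
    return counts

# Constructed CVSS v2 vectors (not real CVE data) with common textbook shapes.
CONSTRUCTED_VECTORS = [
    "AV:N/AC:L/Au:N/C:C/I:C/A:C",  # remote, unauthenticated, full compromise
    "AV:N/AC:M/Au:N/C:P/I:P/A:P",  # typical client-side memory-safety bug
    "AV:L/AC:L/Au:N/C:N/I:N/A:P",  # local denial of service
    "AV:N/AC:L/Au:N/C:P/I:N/A:N",  # unauthenticated information leak
    "AV:N/AC:L/Au:S/C:P/I:P/A:P",  # needs one authenticated session
    "AV:L/AC:M/Au:N/C:C/I:C/A:C",  # local privilege escalation
    "AV:A/AC:H/Au:M/C:C/I:C/A:C",  # adjacent network, multiple authentication
    "AV:N/AC:L/Au:N/C:N/I:N/A:N",  # no impact
]

if __name__ == "__main__":
    fit = fit_aml(SERIES)
    print(f"AML fit: A={fit['A']:.6f} B={fit['B']:.1f} C={fit['C']:.4f} "
          f"R^2={r_squared(SERIES, fit):.4f}")
    for v in CONSTRUCTED_VECTORS:
        print(f"{v}  base={cvss2_base_score(v):4.1f}")
    print("Au breakdown:", authentication_breakdown(CONSTRUCTED_VECTORS))
```

Two practitioner notes. The fitted B is the model's estimate of how many vulnerabilities will eventually be found, which is the number a patch-planning exercise such as the Narang et al. framework above needs; a fit made early on the steep part of the curve is poorly constrained in B, so check R² and the spread of B across fits on truncated prefixes before trusting it. The Au breakdown is exactly the count behind "no authentication required": the CVSS v2 Authentication metric, and only the parser's validation against the weight tables keeps malformed vectors from silently landing in the wrong bucket.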


2021 ◽  
Vol 11 (1) ◽  
Author(s):  
Gabriel A. Colozza-Gama ◽  
Fabiano Callegari ◽  
Nikola Bešič ◽  
Ana C. de J. Paviza ◽  
Janete M. Cerutti

Somatic mutations in cancer driver genes can help diagnosis, prognosis and treatment decisions. Formalin-fixed paraffin-embedded (FFPE) specimens are the main source of DNA for somatic mutation detection. To overcome the constraints of DNA isolated from FFPE, we compared pyrosequencing and ddPCR analysis for absolute quantification of the BRAF V600E mutation in DNA extracted from FFPE specimens and compared the results to the qualitative detection information obtained by Sanger sequencing. Sanger sequencing was able to detect the BRAF V600E mutation only when it was present in more than 15% of total alleles. Although the sensitivity of ddPCR is higher than that observed for Sanger, it was less consistent than pyrosequencing, likely due to droplet classification bias of FFPE-derived DNA. To address the droplet allocation bias in ddPCR analysis, we compared different algorithms for automated droplet classification and then correlated these findings with those obtained from pyrosequencing. By examining the addition of non-classifiable droplets (rain) in ddPCR, it was possible to obtain better qualitative classification of droplets and better quantitative classification compared to no rain droplets, when considering pyrosequencing results. Notably, only the machine-learning k-NN algorithm was able to automatically classify the samples, surpassing manual classification based on no-template controls, which shows promise for clinical practice.


Cybersecurity ◽  
2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Tiago Espinha Gasiba ◽  
Ulrike Lechner ◽  
Maria Pinto-Albuquerque

Software vulnerabilities, when actively exploited by malicious parties, can lead to catastrophic consequences. Proper handling of software vulnerabilities is essential in the industrial context, particularly when the software is deployed in critical infrastructures. Therefore, several industrial standards mandate secure coding guidelines and industrial software developers’ training, as software quality is a significant contributor to secure software. CyberSecurity Challenges (CSC) form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry. These cybersecurity awareness events have been used with success in industrial environments. However, until now, these coached events took place on-site. In the present work, we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online. The introduced cybersecurity awareness platform, which the authors call Sifu, performs automatic assessment of challenges for compliance with secure coding guidelines, and uses an artificial intelligence method to provide players with solution-guiding hints. Furthermore, due to its characteristics, the Sifu platform allows for remote (online) learning in times of social distancing. The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events. We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers’ awareness of secure coding.


Structures ◽  
2022 ◽  
Vol 35 ◽  
pp. 780-791
Author(s):  
Dahai Zhao ◽  
Huiwei Wang ◽  
Ding Wang ◽  
Ruiguang Zhu ◽  
Jinghui Zhang
