Studying software vulnerabilities

Robin A. Gandhi; Harvey Siy; Yan Wu

Studying software vulnerabilities

Robin A. Gandhi, Harvey Siy, Yan Wu

Research output: Contribution to journal › Article › peer-review

Abstract

There have been several research efforts to enumerate and categorize software weaknesses that lead to vulnerabilities. To consolidate these efforts, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weakness types and their relationships. Yet, using the CWE to study and prevent vulnerabilities in specific software projects is difficult. This article presents a novel approach for using the CWE to organize and integrate the vulnerability information recorded in large project repositories.

Original language	English (US)
Pages (from-to)	16-20
Number of pages	5
Journal	CrossTalk
Volume	23
Issue number	9-10
State	Published - 2010

ASJC Scopus subject areas

Software
Human-Computer Interaction

Cite this

@article{e7872506ba044bb0978bc09a75f51551,

title = "Studying software vulnerabilities",

abstract = "There have been several research efforts to enumerate and categorize software weaknesses that lead to vulnerabilities. To consolidate these efforts, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weakness types and their relationships. Yet, using the CWE to study and prevent vulnerabilities in specific software projects is difficult. This article presents a novel approach for using the CWE to organize and integrate the vulnerability information recorded in large project repositories.",

author = "Gandhi, {Robin A.} and Harvey Siy and Yan Wu",

year = "2010",

language = "English (US)",

volume = "23",

pages = "16--20",

journal = "CrossTalk",

issn = "2160-1577",

publisher = "Software Technology Support Center",

number = "9-10",

}

TY - JOUR

T1 - Studying software vulnerabilities

AU - Gandhi, Robin A.

AU - Siy, Harvey

AU - Wu, Yan

PY - 2010

Y1 - 2010

N2 - There have been several research efforts to enumerate and categorize software weaknesses that lead to vulnerabilities. To consolidate these efforts, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weakness types and their relationships. Yet, using the CWE to study and prevent vulnerabilities in specific software projects is difficult. This article presents a novel approach for using the CWE to organize and integrate the vulnerability information recorded in large project repositories.

AB - There have been several research efforts to enumerate and categorize software weaknesses that lead to vulnerabilities. To consolidate these efforts, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weakness types and their relationships. Yet, using the CWE to study and prevent vulnerabilities in specific software projects is difficult. This article presents a novel approach for using the CWE to organize and integrate the vulnerability information recorded in large project repositories.

UR - http://www.scopus.com/inward/record.url?scp=77956769752&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77956769752&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:77956769752

SN - 2160-1577

VL - 23

SP - 16

EP - 20

JO - CrossTalk

JF - CrossTalk

IS - 9-10

ER -

Studying software vulnerabilities

Abstract

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this