Studying software vulnerabilities

Robin A. Gandhi, Harvey Siy, Yan Wu

Research output: Contribution to journal (Article)

8 Scopus citations

Abstract

There have been several research efforts to enumerate and categorize software weaknesses that lead to vulnerabilities. To consolidate these efforts, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weakness types and their relationships. Yet, using the CWE to study and prevent vulnerabilities in specific software projects is difficult. This article presents a novel approach for using the CWE to organize and integrate the vulnerability information recorded in large project repositories.

Original language: English (US)
Pages (from-to): 16-20
Number of pages: 5
Journal: CrossTalk
Volume: 23
Issue number: 9-10
Publication status: Published - Sep 23 2010

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction

Cite this

Gandhi, R. A., Siy, H., & Wu, Y. (2010). Studying software vulnerabilities. CrossTalk, 23(9-10), 16-20.