This paper proposes an ontology-based approach to analyzing and assessing the security posture of software products. It provides measurements of trust for a software product based on its security requirements and evidence of assurance, which are retrieved from an ontology built for vulnerability management. Our approach differs from previous work in the following aspects: (1) It is a holistic approach emphasizing that system assurance cannot be determined or explained by component assurance alone. Instead, the software system as a whole determines its assurance level. (2) Our approach is based on widely accepted standards such as CVSS, CVE, CWE, CPE, and CAPEC. Our ontology integrated these standards seamlessly thus prov...
Security is an important issue that needs to be taken into account at all stag...
In Risk Management, security issues arise from complex relations among objects and agents, their cap...
Critical software vulnerabilities are often caused by incorrect, vague, or missing security requirem...
Measuring security is a complex task and requires a great deal of knowledge. Managing this knowledge...
Abstract—Measuring security is a complex task and requires a great deal of knowledge. Managing this ...
Knowledge of software security is highly complex since it is quite context-specific and can be appli...
Security requirements managers aim at eliciting, reusing and keeping their sets of requirements. The...
Software applications become highly distributed and complex, involving independent collaborating com...
Security concerns for physical, software and virtual worlds have captured the attention of researche...
In recent years, security in Information Systems (IS) has become an important issue, and needs to be...
Any safety issues or cyber attacks on an Industrial Control Systems (ICS) may have catastrophic cons...