A code revision of a leading telecom product was performed, combining manual audit and static analysis tools. On average, one exploitable vulnerability was found for every 4000 lines of code. Half of the located threats in the product were buffer overflows, followed by race conditions, misplaced trust, and poor random generators. Static analysis tools were used to speed up the revision process and to integrate security tests into the overall project process. The discussion analyses the effectiveness of automatic tools for auditing software. Furthermore, the incorporation of software security analysis into the development process, and the results and costs of the security analysis, are discussed. From the initial 42 workdays used for finding a...
Extensive research has shown that software metrics can be used to identify fault- and failure-prone ...
Developing and delivering secure software is a challenging task that gets even harder when the deve...
This thesis contributes to three research areas in software security, namely security requirements a...
Software users have become more conscious of security. More people have access to Internet and huge ...
Software vulnerabilities are added into programs during their development. Architectural flaws are int...
Automated static code analysis is an efficient technique to increase the quality of software during ...
Software repositories contain much information besides the source code itself. For Open Source proj...
In an effort to determine how to make secure software development more cost effective, the SEI condu...
Refactoring is the process of restructuring existing computer code – changing the factoring – without ...
Context: Security is a growing concern in many organizations. Industries developing software systems...
Abstract—No single software fault-detection technique is capable of addressing all fault-detection c...
Abstract: Many teams at CERN develop their own software to solve their tasks. This software may be...
Companies develop their software in versions and iterations. Ensuring the security of each additiona...
We describe an approach and tool for analyzing the vulnerability of software applications to anomalo...