Towards Data-driven Vulnerability Prediction for Requirements

Title: Towards Data-driven Vulnerability Prediction for Requirements
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Imtiaz, Sayem Mohammad; Bhowmik, Tanmay
Conference Name: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5573-5
Keywords: Automated Secure Software Engineering, composability, information retrieval, pubcrawl, Resiliency, software requirements, software security, Software Vulnerability, Traceability, Vulnerability prediction
Abstract: Due to the abundance of security breaches we continue to see, the software development community is recently paying attention to a more proactive approach towards security. This includes predicting vulnerability before exploitation employing static code analysis and machine learning techniques. Such mechanisms, however, are designed to detect post-implementation vulnerabilities. As the root of a vulnerability can often be traced back to the requirement specification, and vulnerability discovered later in the development life cycle is more expensive to fix, we need additional preventive mechanisms capable of predicting vulnerability at a much earlier stage. In this paper, we propose a novel framework providing an automated support to predict vulnerabilities for a requirement as early as during requirement engineering. We further present a preliminary demonstration of our framework and the promising results we observe clearly indicate the value of this new research idea.
URL: http://doi.acm.org/10.1145/3236024.3264836
DOI: 10.1145/3236024.3264836
Citation Key: imtiaz_towards_2018