Visible to the public Towards Automated Security Vulnerability and Software Defect Localization

TitleTowards Automated Security Vulnerability and Software Defect Localization
Publication TypeConference Paper
Year of Publication2019
AuthorsVisalli, Nicholas, Deng, Lin, Al-Suwaida, Amro, Brown, Zachary, Joshi, Manish, Wei, Bingyang
Conference Name2019 IEEE 17th International Conference on Software Engineering Research, Management and Applications (SERA)
Date PublishedMay 2019
PublisherIEEE
ISBN Number978-1-7281-0798-1
KeywordsAutomated Secure Software Engineering, automated security vulnerability, bug, composability, Computer bugs, Correlation, cybersecurity, Defect Localization, Human Behavior, modern software, program diagnostics, pubcrawl, resilience, Resiliency, security, security of data, security vulnerabilities, security vulnerability, software defect, software defect localization, software defects, software maintenance, Software systems, static analysis, static code analysis, Tools, undiscovered vulnerabilities
Abstract

Security vulnerabilities and software defects are prevalent in software systems, threatening every aspect of cyberspace. The complexity of modern software makes it hard to secure systems. Security vulnerabilities and software defects become a major target of cyberattacks which can lead to significant consequences. Manual identification of vulnerabilities and defects in software systems is very time-consuming and tedious. Many tools have been designed to help analyze software systems and to discover vulnerabilities and defects. However, these tools tend to miss various types of bugs. The bugs that are not caught by these tools usually include vulnerabilities and defects that are too complicated to find or do not fall inside of an existing rule-set for identification. It was hypothesized that these undiscovered vulnerabilities and defects do not occur randomly, rather, they share certain common characteristics. A methodology was proposed to detect the probability of a bug existing in a code structure. We used a comprehensive experimental evaluation to assess the methodology and report our findings.

URLhttps://ieeexplore.ieee.org/document/8886795
DOI10.1109/SERA.2019.8886795
Citation Keyvisalli_towards_2019