Towards Automated Security Vulnerability and Software Defect Localization
Title | Towards Automated Security Vulnerability and Software Defect Localization |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Visalli, Nicholas; Deng, Lin; Al-Suwaida, Amro; Brown, Zachary; Joshi, Manish; Wei, Bingyang |
Conference Name | 2019 IEEE 17th International Conference on Software Engineering Research, Management and Applications (SERA) |
Date Published | May 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-0798-1 |
Keywords | Automated Secure Software Engineering, automated security vulnerability, bug, composability, Computer bugs, Correlation, cybersecurity, Defect Localization, Human Behavior, modern software, program diagnostics, pubcrawl, resilience, Resiliency, security, security of data, security vulnerabilities, security vulnerability, software defect, software defect localization, software defects, software maintenance, Software systems, static analysis, static code analysis, Tools, undiscovered vulnerabilities |
Abstract | Security vulnerabilities and software defects are prevalent in software systems, threatening every aspect of cyberspace. The complexity of modern software makes it hard to secure systems. Security vulnerabilities and software defects become a major target of cyberattacks which can lead to significant consequences. Manual identification of vulnerabilities and defects in software systems is very time-consuming and tedious. Many tools have been designed to help analyze software systems and to discover vulnerabilities and defects. However, these tools tend to miss various types of bugs. The bugs that are not caught by these tools usually include vulnerabilities and defects that are too complicated to find or do not fall inside of an existing rule-set for identification. It was hypothesized that these undiscovered vulnerabilities and defects do not occur randomly, rather, they share certain common characteristics. A methodology was proposed to detect the probability of a bug existing in a code structure. We used a comprehensive experimental evaluation to assess the methodology and report our findings. |
URL | https://ieeexplore.ieee.org/document/8886795 |
DOI | 10.1109/SERA.2019.8886795 |
Citation Key | visalli_towards_2019 |