| Title | Automating Threat Intelligence for SDL |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Kannavara, R., Vangore, J., Roberts, W., Lindholm, M., Shrivastav, P. |
| Conference Name | 2018 IEEE Cybersecurity Development (SecDev) |
| Date Published | sep |
| Keywords | Automated Secure Software Engineering, composability, Conferences, data mining, Databases, enterprise information technology infrastructure, Feeds, IT infrastructure, Malware, open source threat information sources mining, product deployment, Product design, product development, product security, product specific threat indicators, pubcrawl, Resiliency, SDL, security, security community, security development lifecycle, security of data, software engineering, Stakeholders, tactical threat intelligence, threat intelligence, vulnerability disclosure |
| Abstract | Threat intelligence is very important in order to execute a well-informed Security Development Lifecycle (SDL). Although there are many readily available solutions supporting tactical threat intelligence focusing on enterprise Information Technology (IT) infrastructure, the lack of threat intelligence solutions focusing on SDL is a known gap which is acknowledged by the security community. To address this shortcoming, we present a solution to automate the process of mining open source threat information sources to deliver product specific threat indicators designed to strategically inform the SDL while continuously monitoring for disclosures of relevant potential vulnerabilities during product design, development, and beyond deployment. |
| DOI | 10.1109/SecDev.2018.00033 |
| Citation Key | kannavara_automating_2018 |
Automating Threat Intelligence for SDL