Gegick et al., 2009 - Google Patents
Toward non-security failures as a predictor of security faults and failures
Gegick et al., 2009
- Document ID
- 18212959084543118213
- Author
- Gegick M
- Rotella P
- Williams L
- Publication year
- Publication venue
- Engineering Secure Software and Systems: First International Symposium ESSoS 2009, Leuven, Belgium, February 4-6, 2009. Proceedings 1
Snippet
In the search for metrics that can predict the presence of vulnerabilities early in the software life cycle, there may be some benefit to choosing metrics from the non-security realm. We analyzed non-security and security failure data reported for the year 2007 of a Cisco …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
- G06Q10/063—Operations research or analysis
- G06Q10/0639—Performance analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
- G06F11/0775—Content or structure details of the error report, e.g. specific table structure, specific error fields
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
- G06Q10/063—Operations research or analysis
- G06Q10/0635—Risk analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce, e.g. shopping or e-commerce
- G06Q30/01—Customer relationship, e.g. warranty
- G06Q30/018—Business or product certification or verification
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Gegick et al. | Prioritizing software security fortification through code-level metrics | |
CA2922108C (en) | Systems and methods for predictive reliability mining | |
Geer et al. | Information security: Why the future belongs to the quants | |
Pačaiová et al. | Development of GRAM–A risk measurement tool using risk based thinking principles | |
US7478000B2 (en) | Method and system to develop a process improvement methodology | |
Yu et al. | Experience in predicting fault-prone software modules using complexity metrics | |
Yang et al. | Improving vulnerability prediction accuracy with secure coding standard violation measures | |
Gegick et al. | Toward non-security failures as a predictor of security faults and failures | |
Verma et al. | Prediction of defect density for open source software using repository metrics | |
Urunkar et al. | Fraud detection and analysis for insurance claim using machine learning | |
Gegick et al. | Predicting attack-prone components | |
Omri et al. | Static analysis and code complexity metrics as early indicators of software defects | |
RU2746685C2 (en) | Cybersecurity system with a differentiated ability to cope with complex cyber attacks | |
Gegick et al. | Toward the use of automated static analysis alerts for early identification of vulnerability-and attack-prone components | |
Hamill et al. | Exploring the missing link: An empirical study of software fixes | |
Awadid et al. | AI Systems Trustworthiness Assessment: State of the Art | |
Jalote et al. | The When–Who–How analysis of defects for improving the quality control process | |
Chiu et al. | Validating Process Mining: A Framework Integrating Auditor’s Risk Assessment | |
Gegick et al. | Predictive models for identifying software components prone to failure during security attacks | |
CN115640992A (en) | Risk assessment method and device | |
Bridges et al. | Key issues with implementing LOPA | |
Gegick | Failure-prone components are also attack-prone components | |
Williams et al. | Predictive Models for Identifying Software Components Prone to Failure During Security Attacks | |
Oakley et al. | Examining the impact of critical attributes on hard drive failure times: Multi‐state models for left‐truncated and right‐censored semi‐competing risks data | |
Shukla et al. | Change Point Problem in Security Vulnerability Discovery Model |