Gegick et al., 2009 - Google Patents

Toward non-security failures as a predictor of security faults and failures

Gegick et al., 2009

View PDF
Document ID
18212959084543118213
Author
Gegick M
Rotella P
Williams L
Publication year
Publication venue
Engineering Secure Software and Systems: First International Symposium ESSoS 2009, Leuven, Belgium, February 4-6, 2009. Proceedings 1

External Links

Snippet

In the search for metrics that can predict the presence of vulnerabilities early in the software life cycle, there may be some benefit to choosing metrics from the non-security realm. We analyzed non-security and security failure data reported for the year 2007 of a Cisco …
Continue reading at www.academia.edu (PDF) (other versions)

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
    • G06Q10/063Operations research or analysis
    • G06Q10/0639Performance analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Error detection; Error correction; Monitoring responding to the occurence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766Error or fault reporting or storing
    • G06F11/0775Content or structure details of the error report, e.g. specific table structure, specific error fields
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management, e.g. organising, planning, scheduling or allocating time, human or machine resources; Enterprise planning; Organisational models
    • G06Q10/063Operations research or analysis
    • G06Q10/0635Risk analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce, e.g. shopping or e-commerce
    • G06Q30/01Customer relationship, e.g. warranty
    • G06Q30/018Business or product certification or verification

Similar Documents

Publication Publication Date Title
Gegick et al. Prioritizing software security fortification throughcode-level metrics
CA2922108C (en) Systems and methods for predictive reliability mining
Geer et al. Information security: Why the future belongs to the quants
Pačaiová et al. Development of GRAM–A risk measurement tool using risk based thinking principles
US7478000B2 (en) Method and system to develop a process improvement methodology
Yu et al. Experience in predicting fault-prone software modules using complexity metrics
Yang et al. Improving vulnerability prediction accuracy with secure coding standard violation measures
Gegick et al. Toward non-security failures as a predictor of security faults and failures
Verma et al. Prediction of defect density for open source software using repository metrics
Urunkar et al. Fraud detection and analysis for insurance claim using machine learning
Gegick et al. Predicting attack-prone components
Omri et al. Static analysis and code complexity metrics as early indicators of software defects
RU2746685C2 (en) Cybersecurity system with a differentiated ability to cope with complex cyber attacks
Gegick et al. Toward the use of automated static analysis alerts for early identification of vulnerability-and attack-prone components
Hamill et al. Exploring the missing link: An empirical study of software fixes
Awadid et al. AI Systems Trustworthiness Assessment: State of the Art
Jalote et al. The When–Who–How analysis of defects for improving the quality control process
Chiu et al. Validating Process Mining: A Framework Integrating Auditor’s Risk Assessment
Gegick et al. Predictive models for identifying software components prone to failure during security attacks
CN115640992A (en) Risk assessment method and device
Bridges et al. Key issues with implementing LOPA
Gegick Failure-prone components are also attack-prone components
Williams et al. Predictive Models for Identifying Software Components Prone to Failure During Security Attacks
Oakley et al. Examining the impact of critical attributes on hard drive failure times: Multi‐state models for left‐truncated and right‐censored semi‐competing risks data
Shukla et al. Change Point Problem in Security Vulnerability Discovery Model