CT-ER: On the Use of Security Metrics to Identify and Rank the Risk of Vulnerability- and Exploit-Prone Components

  • Williams, Laurie L. (Principal Investigator)

Project details

Description

Decades of software engineering research have shown the effectiveness of using software metrics to identify fault- and failure-prone components and to predict the overall quality of a system early in the software development lifecycle. Software development organizations use this knowledge to prioritize their redesign and validation and verification efforts. In this research, we extend this work to examine the corresponding power of software security metrics to effectively identify vulnerability-prone and exploit-prone components early in the software development lifecycle. The technical objective of this research is to create and validate a predictive model that uses security metrics to identify and rank the risk of vulnerability-prone and exploit-prone components in a software product. The results of this model can be used to inform risk management and to prioritize redesign and validation and verification efforts in the later phases of the lifecycle. The expected result from guiding software development efforts via the predictive model is the production of more secure software. The educational objective is to incorporate these research results into resources for educating students to engineer secure software products.

Status: Finished
Start date/End date: 1/8/07 to 31/1/11

Funding

  • National Science Foundation: USD 201,063.00

ASJC Scopus Subject Areas

  • Software
  • Computer Networks and Communications
