Improving Vulnerability Prediction Accuracy with Secure Coding Standard Violation Measures
As the need of software has been increasing, the danger of malicious attacks against software has been worse. In order to fortify software systems against adversaries, researchers have devoted significant efforts on mitigating software vulnerabilities. To eliminate security vulnerabilities from software with lower inspection effort, vulnerability prediction approaches have been emerged. By allocating human and time resource on the potentially vulnerable subset, development organization could eliminate vulnerabilities in a cost effective manner. In the vulnerability prediction approaches, a vulnerability prediction model is constructed based on various software attributes. However, vulnerability prediction models based on the traditional software attributes have provided poor prediction accuracy or low cost effectiveness since the traditional software attributes are unable to reflect vulnerability characteristics sufficiently. In this paper, we propose a novel vulnerability prediction approach based on the CERT-C Secure Coding Standard. To evaluate the efficacy of the proposed approach, the prediction results of the suggested prediction models and other traditional models were assessed in terms of prediction accuracy and cost effectiveness. The results show that the proposed method can improve the vulnerability prediction accuracy.
- Issue Date
- 2016-01-20
- Language
- English
- Citation
International Conference on Big Data and Smart Computing, BigComp 2016, pp.115 - 122
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 16 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.