Advanced

Identifying, Prioritizing and Evaluating Vulnerabilities in Third Party Code

Cobleigh, Alexander; Hell, Martin LU ; Karlsson, Linus LU ; Reimer, Oscar LU ; Sönnerup, Jonathan LU and Wisenhoff, Daniel LU (2018) In IEEE 22nd International Enterprise Distributed Object Computing Workshop
Abstract (Swedish)
We demonstrate a tool for identifying, prioritizing and evaluating vulnerabilities in software. The tool aims to improve security in products by making maintenance more efficient and robust. Software components and release versions are matched with vulnerability information from open resources. The results are visualized on several different levels, ranging from product portfolio and individual products, to specific releases and vulnerabilities. The tool keeps track of how security evolves over time in deployed releases, and also how the maintenance organization progresses in evaluating new vulnerabilities. This will result in more efficient, accurate, and robust security analysis and awareness within the organization, and the anticipated... (More)
We demonstrate a tool for identifying, prioritizing and evaluating vulnerabilities in software. The tool aims to improve security in products by making maintenance more efficient and robust. Software components and release versions are matched with vulnerability information from open resources. The results are visualized on several different levels, ranging from product portfolio and individual products, to specific releases and vulnerabilities. The tool keeps track of how security evolves over time in deployed releases, and also how the maintenance organization progresses in evaluating new vulnerabilities. This will result in more efficient, accurate, and robust security analysis and awareness within the organization, and the anticipated long term effect is more secure products. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
in press
subject
in
IEEE 22nd International Enterprise Distributed Object Computing Workshop
pages
4 pages
publisher
IEEE--Institute of Electrical and Electronics Engineers Inc.
language
English
LU publication?
yes
id
3ea97fa3-931f-491a-8308-4bb7de87e21c
date added to LUP
2018-08-08 11:20:40
date last changed
2018-08-09 13:43:20
@inproceedings{3ea97fa3-931f-491a-8308-4bb7de87e21c,
  abstract     = {We demonstrate a tool for identifying, prioritizing and evaluating vulnerabilities in software. The tool aims to improve security in products by making maintenance more efficient and robust. Software components and release versions are matched with vulnerability information from open resources. The results are visualized on several different levels, ranging from product portfolio and individual products, to specific releases and vulnerabilities. The tool keeps track of how security evolves over time in deployed releases, and also how the maintenance organization progresses in evaluating new vulnerabilities. This will result in more efficient, accurate, and robust security analysis and awareness within the organization, and the anticipated long term effect is more secure products.},
  author       = {Cobleigh, Alexander and Hell, Martin and Karlsson, Linus and Reimer, Oscar and Sönnerup, Jonathan and Wisenhoff, Daniel},
  booktitle    = {IEEE 22nd International Enterprise Distributed Object Computing Workshop},
  language     = {eng},
  pages        = {4},
  publisher    = {IEEE--Institute of Electrical and Electronics Engineers Inc.},
  title        = {Identifying, Prioritizing and Evaluating Vulnerabilities in Third Party Code},
  year         = {2018},
}