Analysis of software vulnerabilities through historical data

Törnquist, Magnus LU (2017) EITM01 20162
Department of Electrical and Information Technology
Abstract
Software security has become an increasingly hot topic of debate during the last few years of cyberattacks, especially now that we are entering the era of Internet of Things. How does the developer of a product decide which software to include from a security perspective and is it possible to create a tool for software comparison that the developer could use for this purpose? The aim of this thesis is to investigate which metrics are available for measuring the overall level of security in software and suggest ways in which these metrics can be used. This study is done partly by reviewing previous research on software security metrics and partly by analyzing metrics in different categories such as general metrics about the software, metrics based on historical data and more detailed metrics about the vulnerabilities in the software. A small survey is also performed to gather the opinions about some of these metrics from potential end-users of a scoring system. Ideas for scoring systems that can use these metrics are suggested, however no weights for these metrics are determined. The conclusion is that under current circumstances creating a good automated scoring system is difficult due to a lack of data, however there are exciting opportunities for continued research and ideas for new approaches are presented.
author: Törnquist, Magnus LU
alternative title: Analys av programvarusäkerhet baserad på historiska data
course: EITM01 20162
type: H2 - Master's Degree (Two Years)
keywords: software security, computer engineering, vulnerability metrics
report number: LU/LTH-EIT 2017-598
language: English
id: 8923711
date added to LUP: 2017-09-20 15:53:13
date last changed: 2017-09-20 15:53:13
@misc{8923711,
  abstract     = {Software security has become an increasingly hot topic of debate during the last few years of cyberattacks, especially now that we are entering the era of Internet of Things. How does the developer of a product decide which software to include from a security perspective and is it possible to create a tool for software comparison that the developer could use for this purpose? The aim of this thesis is to investigate which metrics are available for measuring the overall level of security in software and suggest ways in which these metrics can be used. This study is done partly by reviewing previous research on software security metrics and partly by analyzing metrics in different categories such as general metrics about the software, metrics based on historical data and more detailed metrics about the vulnerabilities in the software. A small survey is also performed to gather the opinions about some of these metrics from potential end-users of a scoring system. Ideas for scoring systems that can use these metrics are suggested, however no weights for these metrics are determined. The conclusion is that under current circumstances creating a good automated scoring system is difficult due to a lack of data, however there are exciting opportunities for continued research and ideas for new approaches are presented.},
  author       = {Törnquist, Magnus},
  keyword      = {software security,computer engineering,vulnerability metrics},
  language     = {eng},
  note         = {Student Paper},
  title        = {Analysis of software vulnerabilities through historical data},
  year         = {2017},
}