Security vulnerability assessment for software version upgrade

2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD) Pub Date : 2017-06-01 DOI:10.1109/SNPD.2017.8022734

Sirikwan Treetippayaruk, T. Senivongse

{"title":"Security vulnerability assessment for software version upgrade","authors":"Sirikwan Treetippayaruk, T. Senivongse","doi":"10.1109/SNPD.2017.8022734","DOIUrl":null,"url":null,"abstract":"Software installed on a computer does have security vulnerabilities to which an attacker can have access and do harm to the computer. It is known to be a good practice to install updates or upgrade versions of the software regularly to improve features, stability, and security, but often those updates and upgrades are ignored or delayed for several reasons. In addition, the new releases may come with some other vulnerabilities themselves. The motivation of this paper is to give information to computer users about the impact of software upgrade in terms of severity of the vulnerabilities that would result from the upgrade, in comparison with that of the vulnerabilities of the currently installed software. We propose a method to assess security vulnerabilities of the installed and the latest versions based on the CVSS vulnerability scoring system. Severity of vulnerabilities will be reported to suggest whether the upgrade is really needed to improve security. We also present an assessment tool that supports both personal and corporate use.","PeriodicalId":186094,"journal":{"name":"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","volume":"469 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD.2017.8022734","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Software installed on a computer does have security vulnerabilities to which an attacker can have access and do harm to the computer. It is known to be a good practice to install updates or upgrade versions of the software regularly to improve features, stability, and security, but often those updates and upgrades are ignored or delayed for several reasons. In addition, the new releases may come with some other vulnerabilities themselves. The motivation of this paper is to give information to computer users about the impact of software upgrade in terms of severity of the vulnerabilities that would result from the upgrade, in comparison with that of the vulnerabilities of the currently installed software. We propose a method to assess security vulnerabilities of the installed and the latest versions based on the CVSS vulnerability scoring system. Severity of vulnerabilities will be reported to suggest whether the upgrade is really needed to improve security. We also present an assessment tool that supports both personal and corporate use.

查看原文本刊更多论文

软件版本升级安全漏洞评估

安装在计算机上的软件确实存在安全漏洞，攻击者可以访问这些漏洞并对计算机造成损害。众所周知，定期安装更新或升级软件版本以改进功能、稳定性和安全性是一种很好的做法，但由于一些原因，这些更新和升级经常被忽略或延迟。此外，新版本本身可能会带来一些其他漏洞。本文的动机是通过与当前安装的软件的漏洞进行比较，向计算机用户提供软件升级所带来的漏洞严重程度方面的影响信息。提出了一种基于CVSS漏洞评分系统对已安装和最新版本的安全漏洞进行评估的方法。将报告漏洞的严重程度，以建议是否真的需要升级以提高安全性。我们还提供了一个同时支持个人和公司使用的评估工具。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)

自引率

0.00%

发文量