Enhancing Trust – Software Vulnerability Analysis Framework

Abstract

Open source projects and the globalization of the software industry have been a driving force in reuse of system components across traditional system boundaries. As a result, vulnerabilities and security concerns are no longer only impact individual but now also global software ecosystems. Known vulnerabilities and security concerns are reported in specialized vulnerability databases, which often remain information silos. In my PhD research, I introduce a modeling approach, which eliminates these information silos by linking the security knowledge with other software artifacts to improve traceability and trust in software products.