Automatic Identification of Security Risks in Edicts for Software Procurement
R. N. Peclat, G. N. Ramos
2016 5th Brazilian Conference on Intelligent Systems (BRACIS), published 2016-10-01
DOI: 10.1109/BRACIS.2016.057 (https://doi.org/10.1109/BRACIS.2016.057)
Brazilian federal institutions must obtain software tools through procurement, which requires their software teams to develop, verify and audit the specifications so that software security risk concerns are clearly included in the edicts (public tender notices). This work presents the Automated Analyst of Edicts, a tool that aids the analysis of such documents by automatically identifying the absence of relationships between their sentences and software security risk or security weakness concepts. The tool was tested on over 100 documents and compared against software security experts' performance on multi-label classification into five of the OWASP Top Ten risks. It achieved a specificity of 83% when analysing individual sentences for multiple risks, and a negative prediction probability (negative predictive value) of 90% when applied to specific risk-sentence relationships.
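As an added illustration (this is not the paper's tool or code), the following Python sketches the two ideas the abstract combines: tagging each edict sentence with the OWASP risks it relates to (multi-label), reporting the risks that no sentence in the document covers, and scoring the tagger by specificity and negative predictive value, the metrics that matter when what you want to trust is a "no relationship found" verdict. The keyword rules, the particular five OWASP Top Ten 2013 risks, the sample sentences and their ground-truth labels are all constructed assumptions for this example.

```python
"""Toy sentence-to-OWASP-risk tagger plus the specificity / NPV metrics used
to judge it. Added illustration, NOT the Automated Analyst of Edicts: the
keyword rules, the five risks chosen, the sentences and the labels below are
constructed assumptions."""
import re
from typing import Dict, List, Set, Tuple

# Assumption: five OWASP Top Ten (2013) risks, matched by crude keyword rules.
RISK_KEYWORDS: Dict[str, List[str]] = {
    "A1-Injection": [r"\binject", r"\bsql\b", r"parameteri[sz]ed", r"sanitiz", r"\binput validation"],
    "A2-Broken-Auth": [r"\bauthenticat", r"\bsession", r"\bpassword", r"\bcredential", r"\bmfa\b|multi-factor"],
    "A3-XSS": [r"cross-site scripting", r"\bxss\b", r"output encoding", r"\bescap"],
    "A5-Misconfiguration": [r"\bmisconfig", r"\bdefault (?:password|account|credential)", r"\bhardening", r"\bpatch"],
    "A6-Sensitive-Data": [r"\bencrypt", r"\btls\b", r"\bat rest\b", r"\bpersonal data", r"\bconfidential"],
}

# Constructed edict-style sentences and hand-assigned ground-truth labels.
SAMPLE_SENTENCES: List[str] = [
    "All user-supplied input shall be validated and database access shall use parameterised queries.",
    "The system shall enforce multi-factor authentication and expire sessions after 15 minutes of inactivity.",
    "Personal data shall be encrypted at rest and in transit using TLS 1.2 or higher.",
    "The contractor shall deliver user documentation in Portuguese.",
    "All output rendered in the browser shall apply context-aware output encoding.",
    "Default accounts shall be removed and security patches applied within 30 days.",
    "Invoices shall be escaped from the approval workflow only by the finance manager.",  # "escaped" tricks the A3 rule
    "Database queries shall never be built by string concatenation of form fields.",     # injection control, no keyword
]
SAMPLE_TRUTH: List[Set[str]] = [
    {"A1-Injection"}, {"A2-Broken-Auth"}, {"A6-Sensitive-Data"}, set(),
    {"A3-XSS"}, {"A5-Misconfiguration"}, set(), {"A1-Injection"},
]


def tag_sentence(sentence: str) -> Set[str]:
    """Multi-label: every risk whose rule fires on the (lower-cased) sentence."""
    text = sentence.lower()
    return {risk for risk, patterns in RISK_KEYWORDS.items()
            if any(re.search(p, text) for p in patterns)}


def uncovered_risks(sentences: List[str]) -> Set[str]:
    """Risks that no sentence relates to: the 'absence' the abstract's tool reports."""
    covered = set().union(*(tag_sentence(s) for s in sentences))
    return set(RISK_KEYWORDS) - covered


def specificity_and_npv(predicted: List[Set[str]], truth: List[Set[str]]) -> Dict[str, Tuple[float, float]]:
    """Per risk: specificity TN/(TN+FP) and negative predictive value TN/(TN+FN).
    'Positive' means 'sentence relates to this risk', so a negative verdict is
    what feeds the document-level 'risk not covered' finding."""
    out: Dict[str, Tuple[float, float]] = {}
    for risk in RISK_KEYWORDS:
        tn = fp = fn = 0
        for pred_set, true_set in zip(predicted, truth):
            pred, real = risk in pred_set, risk in true_set
            if not pred and not real:
                tn += 1
            elif pred and not real:
                fp += 1
            elif not pred and real:
                fn += 1
        spec = tn / (tn + fp) if tn + fp else 1.0
        npv = tn / (tn + fn) if tn + fn else 1.0
        out[risk] = (spec, npv)
    return out


def evaluate_sample() -> Dict[str, Tuple[float, float]]:
    """Score the keyword tagger on the constructed sentences against the hand labels."""
    predicted = [tag_sentence(s) for s in SAMPLE_SENTENCES]
    return specificity_and_npv(predicted, SAMPLE_TRUTH)


if __name__ == "__main__":
    for s in SAMPLE_SENTENCES:
        print(f"{sorted(tag_sentence(s)) or '-'}: {s}")
    print("uncovered in first four sentences:", sorted(uncovered_risks(SAMPLE_SENTENCES[:4])))
    for risk, (spec, npv) in evaluate_sample().items():
        print(f"{risk:22s} specificity={spec:.2f} NPV={npv:.2f}")
```

The two deliberately awkward sentences show why both metrics are worth reporting: the "escaped" invoice sentence is a false positive that lowers A3 specificity, and if it were the only sentence mentioning XSS it would hide a real gap behind a spurious "covered" verdict; the string-concatenation sentence is a false negative that lowers A1 NPV and would raise a spurious "uncovered" alarm for a risk the edict actually addresses. A reviewer using such a tool should know which of the two errors is more costly in their workflow before trusting its silence.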