Bruna Vuicik Mocelin, Kleinner Farias, L. Gonçales, Vinícius Bischoff
Proceedings of the XIV Brazilian Symposium on Information Systems. Published 2018-06-04. DOI: 10.1145/3229345.3229391 (https://doi.org/10.1145/3229345.3229391)
Improvements to the Identification Process of Vulnerable Components: Deciding About Updates
Applications may contain vulnerabilities for a variety of reasons, one of which is the use of vulnerable components. One solution adopted to eliminate the vulnerabilities introduced by such components is to update the component to a more recent version that corrects the vulnerability. However, updating a component may require code refactoring and updates to other components, and may introduce new vulnerabilities into the application. Several tools analyze and manage project dependencies, but few present information about the vulnerabilities of new versions, incompatibilities, and updates to the components' dependencies. This article therefore presents dep|ct (depict), a tool that aims to identify the known vulnerable components used by applications and to support the decision on updating such components, in order to mitigate the vulnerabilities added to projects through vulnerable dependencies. Results of the empirical evaluation carried out on two projects show that the tool can be used to assist in deciding on the update of known vulnerable components.