{"title":"通过细化分类法来理解漏洞","authors":"Nurul Haszeli Ahmad, S. A. Aljunid, J. Manan","doi":"10.1109/ISIAS.2011.6122789","DOIUrl":null,"url":null,"abstract":"Since early 90s, experts have proposed various ways to prevent exploitations and avoid releasing software with vulnerabilities. One way is through educating developers with information on known vulnerabilities using taxonomy of vulnerabilities as a guide. However, the guide using taxonomy of vulnerabilities has not shown to mitigate the issues. One possibility is due to the existence of gaps in producing the right and comprehensive taxonomy for software vulnerabilities. We studied various available taxonomies on software vulnerabilities. In this paper we propose and discuss our own criteria for taxonomy of software vulnerabilities with some improvement with particular emphasis on C programming.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Understanding vulnerabilities by refining taxonomy\",\"authors\":\"Nurul Haszeli Ahmad, S. A. Aljunid, J. Manan\",\"doi\":\"10.1109/ISIAS.2011.6122789\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since early 90s, experts have proposed various ways to prevent exploitations and avoid releasing software with vulnerabilities. One way is through educating developers with information on known vulnerabilities using taxonomy of vulnerabilities as a guide. However, the guide using taxonomy of vulnerabilities has not shown to mitigate the issues. One possibility is due to the existence of gaps in producing the right and comprehensive taxonomy for software vulnerabilities. We studied various available taxonomies on software vulnerabilities. In this paper we propose and discuss our own criteria for taxonomy of software vulnerabilities with some improvement with particular emphasis on C programming.\",\"PeriodicalId\":139268,\"journal\":{\"name\":\"2011 7th International Conference on Information Assurance and Security (IAS)\",\"volume\":\"65 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 7th International Conference on Information Assurance and Security (IAS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISIAS.2011.6122789\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 7th International Conference on Information Assurance and Security (IAS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISIAS.2011.6122789","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Understanding vulnerabilities by refining taxonomy
Since early 90s, experts have proposed various ways to prevent exploitations and avoid releasing software with vulnerabilities. One way is through educating developers with information on known vulnerabilities using taxonomy of vulnerabilities as a guide. However, the guide using taxonomy of vulnerabilities has not shown to mitigate the issues. One possibility is due to the existence of gaps in producing the right and comprehensive taxonomy for software vulnerabilities. We studied various available taxonomies on software vulnerabilities. In this paper we propose and discuss our own criteria for taxonomy of software vulnerabilities with some improvement with particular emphasis on C programming.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
