SOFTWARE VULNERABILITY MONITORING SYSTEM
DOI: https://doi.org/10.24867/15BE23Cvetanovic
Keywords: NVD, CVSS, CVE, vulnerability, dependency
Abstract
This paper describes a system for monitoring vulnerabilities in software. It explains the basic concepts and mechanisms by which vulnerabilities in software can be publicly identified, then describes the system model and the steps in the system's operation. It closes with concluding remarks and directions in which this tool could be developed further.
Published: 2021-11-08
Section: Electrotechnical and Computer Engineering