SOFTWARE VULNERABILITY MANAGEMENT SYSTEM
DOI:
https://doi.org/10.24867/06BE13Kovacevic
Keywords:
Threat modelling, Data flow diagram, Knowledge base, NVD, CPE, CVE, XML
Abstract
This paper presents the implementation of the Software Vulnerability Management System. A description of the mechanisms for detecting publicly known vulnerabilities is given.
References
[1] Rosziati Ibrahim, Siow Yen Yen, „Formalization of the data flow diagram rules for consistency check“, International Journal of Software Engineering & Applications (IJSEA), 2010
[2] Suvda Myagmar, Adam J. Lee, William Yurcik, „Threat Modeling as a Basis for Security Requirements“, National Center for Supercomputing Applications (NCSA)
[3] Adam Shostack, „Experiences Threat Modeling in Microsoft“, Microsoft
[4] Marwan Abi-Antoun, Daniel Wang, Peter Torr, „Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security“
[5] https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf (accessed September 2019)
[6] CVE Official Specification, https://cve.mitre.org/
[7] https://nvd.nist.gov/general (accessed September 2019)
[8] Clement Elbaz, Louis Rilling, Christine Morin, „Towards Automated Risk Analysis of "One-day" Vulnerabilities“
[9] https://www.first.org/cvss/specification-document (accessed September 2019)
[10] https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool (accessed September 2019)
[11] Nemanja Miladinović, Finding Software Vulnerabilities Based on Data Flow Diagrams, Faculty of Technical Sciences, Novi Sad, 2017.
Published
2019-12-23
Section
Electrotechnical and Computer Engineering