MbrlCatalogueTitleDetail

Do you wish to reserve the book?
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
by Siavvas Miltiadis , Tzovaras Dimitrios , Gelenbe Erol , Kehagias Dionysios
in Applications programs / Automation / Computer aided software engineering / Decision making / Enumeration / Evaluation / Level indicators / Open source software / Reliability engineering / Repositories / Security / Software development / Software engineering / Source code / Thresholds
2021
Yes Please
Hey, we have placed the reservation for you!
Hey, we have placed the reservation for you!
By the way, why not check out events that you can attend while you pick your title.
You are currently in the queue to collect this book. You will be notified once it is your turn to collect the book.
Done
Oops! Something went wrong.
Oops! Something went wrong.
Looks like we were not able to place the reservation. Kindly try again later.
Done
Are you sure you want to remove the book from the shelf?
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
by Siavvas Miltiadis , Tzovaras Dimitrios , Gelenbe Erol , Kehagias Dionysios
in Applications programs / Automation / Computer aided software engineering / Decision making / Enumeration / Evaluation / Level indicators / Open source software / Reliability engineering / Repositories / Security / Software development / Software engineering / Source code / Thresholds
2021
Confirm
Oops! Something went wrong.
Oops! Something went wrong.
While trying to remove the title from your shelf something went wrong :( Kindly try again later!
Done
Title added to your shelf!
Title added to your shelf!
View what I already have on My Shelf.
Thanks
Oops! Something went wrong.
Oops! Something went wrong.
While trying to add the title to your shelf something went wrong :( Kindly try again later!
Done
Do you wish to request the book?
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
by Siavvas Miltiadis , Tzovaras Dimitrios , Gelenbe Erol , Kehagias Dionysios
in Applications programs / Automation / Computer aided software engineering / Decision making / Enumeration / Evaluation / Level indicators / Open source software / Reliability engineering / Repositories / Security / Software development / Software engineering / Source code / Thresholds
2021

Please be aware that the book you have requested cannot be checked out. If you would like to checkout this book, you can reserve another copy
How would you like to get it?
We have requested the book for you! Sorry the robot delivery is not available at the moment
Submit
We have requested the book for you!
We have requested the book for you!
Your request is successful and it will be processed during the Library working hours. Please check the status of your request in My Requests.
Done
Oops! Something went wrong.
Oops! Something went wrong.
Looks like we were not able to place your request. Kindly try again later.
Done
Mohammed Bin Rashid Library /
Catalogue /
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
Journal Article

A hierarchical model for quantifying software security based on static analysis alerts and software metrics

Siavvas Miltiadis,
Tzovaras Dimitrios,
Gelenbe Erol,
Kehagias Dionysios
2021
Request Book From Autostore and Choose the Collection Method
Overview
Despite the acknowledged importance of quantitative security assessment in secure software development, current literature still lacks an efficient model for measuring internal software security risk. To this end, in this paper, we introduce a hierarchical security assessment model (SAM), able to assess the internal security level of software products based on low-level indicators, i.e., security-relevant static analysis alerts and software metrics. The model, following the guidelines of ISO/IEC 25010, and based on a set of thresholds and weights, systematically aggregates these low-level indicators in order to produce a high-level security score that reflects the internal security level of the analyzed software. The proposed model is practical, since it is fully automated and operationalized in the form of a standalone tool and as part of a broader Computer-Aided Software Engineering (CASE) platform. In order to enhance its reliability, the thresholds of the model were calibrated based on a repository of 100 popular software applications retrieved from Maven Repository. Furthermore, its weights were elicited in a way to chiefly reflect the knowledge expressed by the Common Weakness Enumeration (CWE), through a novel weights elicitation approach grounded on popular decision-making techniques. The proposed model was evaluated on a large repository of 150 open-source software applications retrieved from GitHub and 1200 classes retrieved from the OWASP Benchmark. The results of the experiments revealed the capacity of the proposed model to reliably assess internal security at both product level and class level of granularity, with sufficient discretion power. They also provide preliminary evidence for the ability of the model to be used as the basis for vulnerability prediction. To the best of our knowledge, this is the first fully automated, operationalized and sufficiently evaluated security assessment model in the modern literature.
Share this book
Add to My Shelf
Publisher
Springer Nature B.V
Subject

Applications programs

/ Automation

/ Computer aided software engineering

/ Decision making

/ Enumeration

/ Evaluation

/ Level indicators

/ Open source software

/ Reliability engineering

/ Repositories

/ Security

/ Software development

/ Software engineering

/ Source code

/ Thresholds

MBRLCatalogueRelatedBooks

Related Items

Related Items

Advances in automation III : proceedings of the International Russian Automation Conference, RusAutoCon2021, September 5-11, 2021, Sochi, Russia
International Russian Automation Conference (2022 : Sochi, Russia), Radionov, Andrey A., editor, Gasiyarov, Vadim R., editor
The industrialization of intelligence : mind and machine in the modern age
The industrialization of intelligence : mind and machine in the modern age
Kennedy, Noah, 1956- author
Quicken 2017 : the official guide
Sandberg, Bobbi, author
Learn Apple HomeKit on iOS : a home automation guide for developers, designers, and homeowners
Feiler, Jesse, author
Office 365
Withee, Rosemarie, author, Withee, Ken, author, Reed, Jennifer, author
A review of the next generation air transportation system : implications and importance of system architecture
Liddle, David E. editor, Millett, Lynette I., editor, و اكثر