Initial commit.
This commit is contained in:
parent
f31c716bdf
commit
1b44266099
|
|
@ -0,0 +1,41 @@
|
|||
|
||||
@Article{ dashevskyi.ea:vulnerability-screening:2018,
|
||||
abstract = {Free and Open Source Software (FOSS) components are ubiquitous in both proprietary and open source
|
||||
applications. Each time a vulnerability is disclosed in a FOSS component, a software vendor using this
|
||||
an application must decide whether to update the FOSS component, patch the application itself, or just
|
||||
do nothing as the vulnerability is not applicable to the older version of the FOSS component used.
|
||||
This is particularly challenging for enterprise software vendors that consume thousands of FOSS
|
||||
components and offer more than a decade of support and security fixes for their applications.
|
||||
Moreover, customers expect vendors to react quickly on disclosed vulnerabilities---in case of widely
|
||||
discussed vulnerabilities such as Heartbleed, within hours.\\\\To address this challenge, we propose a
|
||||
screening test: a novel, automatic method based on thin slicing, for estimating quickly whether a
|
||||
given vulnerability is present in a consumed FOSS component by looking across its entire repository.
|
||||
We show that our screening test scales to large open source projects (e.g., Apache Tomcat, Spring
|
||||
Framework, Jenkins) that are routinely used by large software vendors, scanning thousands of commits
|
||||
and hundred thousands lines of code in a matter of minutes.\\\\Further, we provide insights on the
|
||||
empirical probability that, on the above mentioned projects, a potentially vulnerable component might
|
||||
not actually be vulnerable after all.},
|
||||
author = {Stanislav Dashevskyi and Achim D. Brucker and Fabio Massacci},
|
||||
doi = {10.1109/TSE.2018.2816033},
|
||||
journal = {{IEEE} Trans. Software Eng.},
|
||||
keywords = {Security maintenance; Security vulnerabilities; Free and Open Source Software},
|
||||
language = {USenglish},
|
||||
month = {oct},
|
||||
number = 10,
|
||||
pages = {945--966},
|
||||
pdf = {https://www.brucker.ch/bibliography/download/2018/dashevskyi.ea-vulnerability-screening-2018.pdf},
|
||||
title = {A Screening Test for Disclosed Vulnerabilities in {FOSS} Components},
|
||||
url = {https://www.brucker.ch/bibliography/abstract/dashevskyi.ea-vulnerability-screening-2018},
|
||||
volume = 45,
|
||||
year = 2019
|
||||
}
|
||||
|
||||
@Book{ nipkow.ea:concrete:2014,
|
||||
author = {Tobias Nipkow and Gerwin Klein},
|
||||
title = {Concrete Semantics - With Isabelle/HOL},
|
||||
publisher = {Springer},
|
||||
year = 2014,
|
||||
doi = {10.1007/978-3-319-10542-0},
|
||||
isbn = {978-3-319-10541-3},
|
||||
timestamp = {Fri, 02 Nov 2018 09:27:06 +0100}
|
||||
}
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
\documentclass[hideinfo]{epsrc}
|
||||
\usepackage{lipsum}
|
||||
|
||||
|
||||
%% The epsrc class uses BibLaTeX, which allows
|
||||
%% for removing fields from bib-entries easily,
|
||||
%% e.g., to shorten the space required for the
|
||||
%% bibliography.
|
||||
|
||||
\AtEveryBibitem{%
|
||||
\clearfield{pages}%
|
||||
}
|
||||
|
||||
\type{Case for Support}
|
||||
\addbibresource{example.bib}%
|
||||
|
||||
\begin{document}
|
||||
\maketitle
|
||||
|
||||
\section{Previous Research Track Record}
|
||||
\lipsum[1-3]
|
||||
|
||||
Relevant author publication:~\citeapplicant{dashevskyi.ea:vulnerability-screening:2018}
|
||||
|
||||
\clearpage
|
||||
|
||||
\section{Description of Proposed Research and its Context}
|
||||
\lipsum[4-8]
|
||||
|
||||
This work could make use of Isabelle/HOL~\cite{nipkow.ea:concrete:2014}.
|
||||
|
||||
\clearpage
|
||||
% \twocolprintbibliography
|
||||
\singlecolprintbibliography
|
||||
|
||||
\end{document}
|
||||
Loading…
Reference in New Issue