diff --git a/example.bib b/example.bib
new file mode 100644
index 0000000..42341b5
--- /dev/null
+++ b/example.bib
@@ -0,0 +1,41 @@
+
+@Article{ dashevskyi.ea:vulnerability-screening:2018,
+ abstract = {Free and Open Source Software (FOSS) components are ubiquitous in both proprietary and open source
+ applications. Each time a vulnerability is disclosed in a FOSS component, a software vendor using this
+ an application must decide whether to update the FOSS component, patch the application itself, or just
+ do nothing as the vulnerability is not applicable to the older version of the FOSS component used.
+ This is particularly challenging for enterprise software vendors that consume thousands of FOSS
+ components and offer more than a decade of support and security fixes for their applications.
+ Moreover, customers expect vendors to react quickly on disclosed vulnerabilities---in case of widely
+ discussed vulnerabilities such as Heartbleed, within hours.\\\\To address this challenge, we propose a
+ screening test: a novel, automatic method based on thin slicing, for estimating quickly whether a
+ given vulnerability is present in a consumed FOSS component by looking across its entire repository.
+ We show that our screening test scales to large open source projects (e.g., Apache Tomcat, Spring
+ Framework, Jenkins) that are routinely used by large software vendors, scanning thousands of commits
+ and hundred thousands lines of code in a matter of minutes.\\\\Further, we provide insights on the
+ empirical probability that, on the above mentioned projects, a potentially vulnerable component might
+ not actually be vulnerable after all.},
+ author = {Stanislav Dashevskyi and Achim D. Brucker and Fabio Massacci},
+ doi = {10.1109/TSE.2018.2816033},
+ journal = {{IEEE} Trans. Software Eng.},
+ keywords = {Security maintenance; Security vulnerabilities; Free and Open Source Software},
+ language = {USenglish},
+ month = {oct},
+ number = 10,
+ pages = {945--966},
+ pdf = {https://www.brucker.ch/bibliography/download/2018/dashevskyi.ea-vulnerability-screening-2018.pdf},
+ title = {A Screening Test for Disclosed Vulnerabilities in {FOSS} Components},
+ url = {https://www.brucker.ch/bibliography/abstract/dashevskyi.ea-vulnerability-screening-2018},
+ volume = 45,
+ year = 2019
+}
+
+@Book{ nipkow.ea:concrete:2014,
+ author = {Tobias Nipkow and Gerwin Klein},
+ title = {Concrete Semantics - With Isabelle/HOL},
+ publisher = {Springer},
+ year = 2014,
+ doi = {10.1007/978-3-319-10542-0},
+ isbn = {978-3-319-10541-3},
+ timestamp = {Fri, 02 Nov 2018 09:27:06 +0100}
+}
diff --git a/example.tex b/example.tex
new file mode 100644
index 0000000..e242271
--- /dev/null
+++ b/example.tex
@@ -0,0 +1,36 @@
+\documentclass[hideinfo]{epsrc}
+\usepackage{lipsum}
+
+
+%% The epsrc class uses BibLaTeX, which allows
+%% for removing fields from bib-entries easily,
+%% e.g., to shorten the space required for the
+%% bibliography.
+
+\AtEveryBibitem{%
+ \clearfield{pages}%
+}
+
+\type{Case for Support}
+\addbibresource{example.bib}%
+
+\begin{document}
+\maketitle
+
+\section{Previous Research Track Record}
+\lipsum[1-3]
+
+Relevant author publication:~\citeapplicant{dashevskyi.ea:vulnerability-screening:2018}
+
+\clearpage
+
+\section{Description of Proposed Research and its Context}
+\lipsum[4-8]
+
+This work could make use of Isabelle/HOL~\cite{nipkow.ea:concrete:2014}.
+
+\clearpage
+% \twocolprintbibliography
+\singlecolprintbibliography
+
+\end{document}
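Review bot: `month = {oct}` in the `@Article` entry stores the month as a braced literal string instead of the predefined macro, so correct output depends on the backend recognising the abbreviation; write it unbraced as `month = oct`. In the `@Book` entry the title leaves `Isabelle/HOL` unprotected, so a style that sentence-cases titles would lowercase it; `title = {Concrete Semantics - With {Isabelle/HOL}},` avoids that. The `@Article` key ends in `2018` while the entry has `year = 2019`, which may be deliberate (the DOI carries 2018) but is worth a short remark outside the entry so nobody "corrects" one of the two later.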
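Review bot: The commented-out `% \twocolprintbibliography` near the end of example.tex is left without explanation, whereas the `\AtEveryBibitem` block above has a `%%` comment, so a reader cannot tell that it is meant as an alternative to `\singlecolprintbibliography`. A one-line comment such as `%% Alternatively, use \twocolprintbibliography (presumably a two-column layout).` would make the choice visible. The `hideinfo` class option on the first line is likewise used without a word on what it hides; a short comment there would help, with its exact meaning taken from the class documentation rather than guessed.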