Vulnerability Detection is Just the BeginningDoctoral Symposium
Vulnerability detection and management plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which techniques to use and when. The goal of this research is to assist software teams in developing tactics and strategies for reducing security risk through empirical analysis of vulnerability detection, fixes, and exploitability. We will examine the relationships between the vulnerability detection technique used to find a vulnerability, the type of vulnerability found, the exploitability of the vulnerability, and the effort needed to fix a vulnerability on two projects where we ensure all vulnerabilities found have been fixed. We will then examine how these relationships are seen in Open Source Software more broadly where practitioners may use different vulnerability detection techniques, or may not fix all vulnerabilities found due to resource constraints.
Mon 24 MayDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
18:50 - 20:20 | Late PhD #2DS - Doctoral Symposium at DS Room 1 Chair(s): Sebastian Uchitel Universidad de Buenos Aires / Imperial College Advisor(s): Nazareno AguirreUniversity of Rio Cuarto and CONICET, Tevfik BultanUniversity of California, Santa Barbara, Betty H.C. ChengMichigan State University | ||
18:50 30mDoctoral symposium paper | Vulnerability Detection is Just the BeginningDoctoral Symposium DS - Doctoral Symposium Sarah Elder North Carolina State University Pre-print | ||
19:20 30mDoctoral symposium paper | High-Quality Automated Program RepairDoctoral Symposium DS - Doctoral Symposium Manish Motwani University of Massachusetts, Amherst Pre-print | ||
19:50 30mDoctoral symposium paper | On the Interplay Between Static and Dynamic Analysis for Mining SandboxesDoctoral Symposium DS - Doctoral Symposium Francisco Costa University of BrasÃlia, Brazil Pre-print | ||