Cybersecurity and Software Assurance

Permanent URI for this collection


Recent Submissions

Now showing 1 - 4 of 4
  • Item
    Estimating Software Vulnerability Counts in the Context of Cyber Risk Assessments
    ( 2018-01-03) Llanso, Thomas ; McNeil, Martha
    Stakeholders often conduct cyber risk assessments as a first step towards understanding and managing their risks due to cyber use. Many risk assessment methods in use today include some form of vulnerability analysis. Building on prior research and combining data from several sources, this paper develops and applies a metric to estimate the proportion of latent vulnerabilities to total vulnerabilities in a software system and applies the metric to five scenarios involving software on the scale of operating systems. The findings suggest caution in interpreting the results of cyber risk methodologies that depend on enumerating known software vulnerabilities because the number of unknown vulnerabilities in large-scale software tends to exceed known vulnerabilities.
  • Item
    An Empirical Study of Security Issues Posted in Open Source Projects
    ( 2018-01-03) Zahedi, Mansooreh ; Ali Babar, Muhammad ; Treude, Christoph
    When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.
  • Item
    Secure Data Communication via Lingual Transformation
    ( 2018-01-03) Johnson, Jeffrey ; Houghton, Robert ; Hilton, Thomas ; Cheah, Kwok Fai
    This paper proposes a new form of data communication that is similar to slang in human language. Using the context of the conversation instead of an encryption key, nodes in a network develop a unique alternative language to disguise the real meaning of the communication between them. Implementation of such a system, and its potential benefits and challenges are discussed.
  • Item
    Introduction to the Minitrack on Cyber Security and Software Assurance
    ( 2018-01-03) Goldrich, Luanne ; Llanso, Thomas ; George, Richard