Works (10)

Updated: April 4th, 2024 07:10

2023 article

Do Software Security Practices Yield Fewer Vulnerabilities?

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE, ICSE-SEIP, pp. 292–303.

By: N. Zahan, S. Shohan, D. Harris & L. Williams

TL;DR: Five supervised machine learning models for npm and PyPI packages were developed using the OpenSSF Scorecard security practices scores and aggregate security scores as predictors and the number of externally-reported vulnerabilities as a target variable, finding that four security practices were the most important practices influencing vulnerability count. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 21, 2023

2023 conference paper

Do Software Security Practices Yield Fewer Vulnerabilities?

By: N. Zahan*, S. Shohan, D. Harris & L. Williams

Source: ORCID
Added: January 22, 2024

2023 journal article

OpenSSF Scorecard: On the Path Toward Ecosystem-Wide Automated Security Metrics

IEEE SECURITY & PRIVACY, 21(6), 76–88.

By: N. Zahan, P. Kanakiya*, B. Hambleton, S. Shohan* & L. Williams

author keywords: Security; Software measurement; Software development management; Open source software; Ecosystems; Task analysis; Standards
TL;DR: This study evaluates the applicability of the Scorecard tool and compares the security practices and gaps in the npm and PyPI ecosystems. (via Semantic Scholar)
UN Sustainable Development Goal Categories
15. Life on Land (OpenAlex)
Sources: ORCID, Web Of Science, NC State University Libraries
Added: February 11, 2024

2023 journal article

Software Bills of Materials Are Required. Are We There Yet?

IEEE Security & Privacy, 21(2), 82–88.

By: N. Zahan, E. Lin, M. Tamanna, W. Enck & L. Williams

TL;DR: The top five benefits and challenges of adopting software bill of materials (SBOM) are outlined, identified by reviewing 200 Internet articles. (via Semantic Scholar)
Source: ORCID
Added: January 2, 2024

2023 article

Software Supply Chain Risk Assessment Framework

2023 IEEE/ACM 45TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS, ICSE-COMPANION, pp. 251–255.

By: N. Zahan

author keywords: Software supply chain security; security metrics; weak link signal; risk assessment framework
TL;DR: The thesis presents research on software security metrics evaluation in different ecosystems by leveraging software security frameworks, malicious attack vectors, and the OpenSSF Scorecard project to detect the implementation of secure practices and their significance to security outcomes. (via Semantic Scholar)
Sources: Web Of Science, NC State University Libraries
Added: August 28, 2023

2022 journal article

Comparing Effectiveness and Efficiency of Interactive Application Security Testing (IAST) and Runtime Application Self-Protection (RASP) Tools in a Large Java-Based System

SSRN Electronic Journal.

By: A. Seth, S. Bhattacharya, N. Zahan* & L. Williams

Source: ORCID
Added: January 22, 2024

2022 journal article

Do I really need all this work to find vulnerabilities? An empirical case study comparing vulnerability detection techniques on a Java application

EMPIRICAL SOFTWARE ENGINEERING, 27(6).

By: S. Elder, N. Zahan, R. Shu, M. Metro, V. Kozarev, T. Menzies & L. Williams

author keywords: Vulnerability Management; Web Application Security; Penetration Testing; Vulnerability Scanners
TL;DR: The goal of this research is to assist managers and other decision-makers in making informed choices about the use of software vulnerability detection techniques through an empirical study of the efficiency and effectiveness of four techniques on a Java-based web application. (via Semantic Scholar)
UN Sustainable Development Goal Categories
16. Peace, Justice and Strong Institutions (OpenAlex)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: August 22, 2022

2022 article

OpenSSF Scorecard: On the Path Toward Ecosystem-wide Automated Security Metrics

By: N. Zahan*, P. Kanakiya, B. Hambleton, S. Shohan & L. Williams

TL;DR: The OpenSSF Scorecard project was used to understand the security practices and gaps in npm and PyPI ecosystems and to confirm the applicability of the Scorecard tool. (via Semantic Scholar)
UN Sustainable Development Goal Categories
15. Life on Land (OpenAlex)
Source: ORCID
Added: January 22, 2024

2022 article

What are Weak Links in the npm Supply Chain?

2022 ACM/IEEE 44TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: SOFTWARE ENGINEERING IN PRACTICE (ICSE-SEIP 2022), pp. 331–340.

By: N. Zahan, T. Zimmermann*, P. Godefroid*, B. Murphy*, C. Maddila* & L. Williams

author keywords: Software Ecosystem; Supply Chain Security; npm; Weak link Signal
TL;DR: The metadata of 1.63 million JavaScript npm packages was analyzed and six signals of security weaknesses in a software supply chain, such as the presence of install scripts, maintainer accounts associated with an expired email domain, and inactive packages with inactive maintainers were proposed. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: September 19, 2022

2021 article

Structuring a Comprehensive Software Security Course Around the OWASP Application Security Verification Standard

2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), pp. 95–104.

By: S. Elder, N. Zahan, V. Kozarev, R. Shu, T. Menzies & L. Williams

author keywords: Security and Protection; Computer and Information Science Education; Industry-Standards
TL;DR: A theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS), and this mapping may have increased students' depth of understanding of a wider range of security topics. (via Semantic Scholar)
Sources: Web Of Science, ORCID, NC State University Libraries
Added: November 1, 2021

Education

Updated: April 18th, 2023 09:54

2020 - present

North Carolina State University Raleigh, North Carolina, US
Computer Science


Certain data included herein are derived from the Web of Science© and InCites© (2024) of Clarivate Analytics. All rights reserved. You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.