Vulnerability prealerting by monitoring the online repositories of open source projects

Software security plays a crucial role in the modern world governed by software. And while closed source projects can enjoy a sense of confidentiality when addressing security issues, open source projects undertake them publicly even though just as many projects rely on them. In 50% of documented cases, the vulnerabilities could have been...

Exploring the practice of organisational Security Patch Management from a socio-technical perspective: Using a Mixed Methods Approach to investigate IT-practitioners’ decision-making and patch activity

In the current digitalised society keeping assets secure is one of the most prominent challenges organisations face. In the ongoing arms race between attackers and defenders, software security patching is a well-recognised and effective strategy to mitigate vulnerabilities in software products. However, organisations struggle with the best...

Fixing vulnerabilities potentially hinders maintainability

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the maintainability of their codebases when patching vulnerabilities. This paper evaluates the impact of patches to...

A security perspective on code review: The case of Chromium

Modern Code Review (MCR) is an established software development process that aims to improve software quality. Although evidence showed that higher levels of review coverage relates to less post-release bugs, it remains unknown the effectiveness of MCR at specifically finding security issues. We present a work we conduct aiming to fill that gap...

In Dependencies We Trust: How vulnerable are dependencies in software modules?

Web-enabled services hold valuable information that attracts attackers to exploit services for unauthorized access. The transparency of Open-Source projects, shallow screening of hosted projects on public software repositories and access to vulnerability databases pave the way for attackers to gain strategic information to exploit software...

Evaluating Software Security Aspects through Fuzzing and Genetic Algorithms

Improve software security evaluation by combining fuzzing and genetic algorithms.