Qualitative and Quantitative Software Vulnerability Analytics Using Open-Source Data
The risk of being affected by cyber threats in terms of their complexity and frequency is increasing wildly. Consequently, cybersecurity has become a multifaceted problem in recent years. The most significant factor contributing to cyber threats is software vulnerabilities (SVs). They are defined as weaknesses in a computer program that can be utilised by an attacker to perform malicious actions. According to official resources, the number of registered SVs nearly quadrupled in 2022 compared to 2016 (from 6454 to 25226 vulnerabilities). Thus, understanding the root causes of SVs at different stages of a computer program, such as designing, developing, and deploying, is essential to assist cybersecurity. Through the use of qualitative and quantitative approaches, this research investigates factors contributing to SVs at various stages of protection (i.e., detection, assessment, and mitigation). For instance, how secure coding practices could be generated based on historical data, such as bug reports and code changes.
Publications
- Empirical Analysis of Software Vulnerabilities Causing Timing Side Channels, M. Mehdi Kholoosi, M. Ali Babar, Cemal Yilmaz, 2023 IEEE Conference on Communications and Network Security (CNS), Link: https://arxiv.org/pdf/2308.11862
Project Members
- Mehdi Kholoosi