Cost Based Vulnerability Control Method Using Static Analysis Tool


KIPS Transactions on Software and Data Engineering, Vol. 5, No. 3, pp. 139-144, Mar. 2016
DOI: 10.3745/KTSDE.2016.5.3.139

Abstract

Applying security-aware development methods when developing software incurs additional cost. Because of this additional cost, many development organizations do not consider security. Even when development does take security into account, there is a lack of ways to determine the vulnerability throughput that can be handled within a given cost. This paper proposes a method for calculating the vulnerability throughput so that security vulnerabilities can be processed cost-effectively. The proposed method focuses on the implementation phase of software development and leverages static analysis tools to find security vulnerabilities in the CWE Top 25. For the vulnerabilities found, it defines risk, transaction cost, and risk cost, and defines a processing priority. Using the information in CWE, it calculates the cost consumed as detected vulnerabilities are processed in the defined priority order, and controls the vulnerability throughput within the input cost. Applying the method is expected to handle the maximum vulnerability risk within the input cost.


Cite this article
[IEEE Style]
K. H. Lee, S. M. Kim, Y. B. Park, J. H. Park, "Cost Based Vulnerability Control Method Using Static Analysis Tool," KIPS Transactions on Software and Data Engineering, vol. 5, no. 3, pp. 139-144, 2016. DOI: 10.3745/KTSDE.2016.5.3.139.

[ACM Style]
Ki Hyun Lee, Seok Mo Kim, Young B. Park, and Je Ho Park. 2016. Cost Based Vulnerability Control Method Using Static Analysis Tool. KIPS Transactions on Software and Data Engineering, 5, 3, (2016), 139-144. DOI: 10.3745/KTSDE.2016.5.3.139.