Publication: VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure
Abstract
The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VulnEx (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table-based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.
Cite
ISO 690
DENNIG, Frederik L., Eren CAKMAK, Henrik PLATE, Daniel A. KEIM, 2021. VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure. 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). New Orleans, LA, 27 Oct. 2021. In: 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). Piscataway, NJ: IEEE, 2021, pp. 79-83. ISBN 978-1-66542-085-3. Available under: doi: 10.1109/VizSec53666.2021.00014
BibTeX
@inproceedings{Dennig2021-08-13T14:17:15ZVulnE-54681,
  year={2021},
  doi={10.1109/VizSec53666.2021.00014},
  title={VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure},
  isbn={978-1-66542-085-3},
  publisher={IEEE},
  address={Piscataway, NJ},
  booktitle={2021 IEEE Symposium on Visualization for Cyber Security (VizSec)},
  pages={79--83},
  author={Dennig, Frederik L. and Cakmak, Eren and Plate, Henrik and Keim, Daniel A.}
}
RDF
<rdf:RDF xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:bibo="http://purl.org/ontology/bibo/" xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:void="http://rdfs.org/ns/void#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/54681"> <foaf:homepage rdf:resource="http://localhost:8080/"/> <dc:creator>Cakmak, Eren</dc:creator> <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2021-08-23T10:43:11Z</dc:date> <dc:contributor>Dennig, Frederik L.</dc:contributor> <dc:contributor>Cakmak, Eren</dc:contributor> <dcterms:title>VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure</dcterms:title> <dc:creator>Dennig, Frederik L.</dc:creator> <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/> <dcterms:issued>2021-08-13T14:17:15Z</dcterms:issued> <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/> <dc:creator>Keim, Daniel A.</dc:creator> <dcterms:abstract xml:lang="eng">The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VulnEx (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table-based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. 
The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.</dcterms:abstract> <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dc:creator>Plate, Henrik</dc:creator> <bibo:uri rdf:resource="https://kops.uni-konstanz.de/handle/123456789/54681"/> <dc:rights>terms-of-use</dc:rights> <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2021-08-23T10:43:11Z</dcterms:available> <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/54681/1/Dennig_2-m0pdfelbvbft9.pdf"/> <dc:language>eng</dc:language> <dc:contributor>Plate, Henrik</dc:contributor> <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/> <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/54681/1/Dennig_2-m0pdfelbvbft9.pdf"/> <dc:contributor>Keim, Daniel A.</dc:contributor> </rdf:Description> </rdf:RDF>