Publication:

VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure

Files

Dennig_2-m0pdfelbvbft9.pdf (Size: 358.01 KB, Downloads: 55)

Date

2021

Open access publication
Open Access Green

Publication type
Contribution to conference proceedings
Publication status
Published

Published in

2021 IEEE Symposium on Visualization for Cyber Security (VizSec). Piscataway, NJ: IEEE, 2021, pp. 79-83. ISBN 978-1-66542-085-3. Available under: doi: 10.1109/VizSec53666.2021.00014

Abstract

The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VulnEx (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table-based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.

Subject area (DDC)
004 Computer science

Conference

2021 IEEE Symposium on Visualization for Cyber Security (VizSec), 27 Oct. 2021, New Orleans, LA

Cite

ISO 690
DENNIG, Frederik L., Eren CAKMAK, Henrik PLATE, Daniel A. KEIM, 2021. VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure. 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). New Orleans, LA, 27 Oct. 2021. In: 2021 IEEE Symposium on Visualization for Cyber Security (VizSec). Piscataway, NJ: IEEE, 2021, pp. 79-83. ISBN 978-1-66542-085-3. Available under: doi: 10.1109/VizSec53666.2021.00014
BibTeX
@inproceedings{Dennig2021-08-13T14:17:15ZVulnE-54681,
  year={2021},
  doi={10.1109/VizSec53666.2021.00014},
  title={VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure},
  isbn={978-1-66542-085-3},
  publisher={IEEE},
  address={Piscataway, NJ},
  booktitle={2021 IEEE Symposium on Visualization for Cyber Security (VizSec)},
  pages={79--83},
  author={Dennig, Frederik L. and Cakmak, Eren and Plate, Henrik and Keim, Daniel A.}
}
RDF
<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:bibo="http://purl.org/ontology/bibo/"
    xmlns:dspace="http://digital-repositories.org/ontologies/dspace/0.1.0#"
    xmlns:foaf="http://xmlns.com/foaf/0.1/"
    xmlns:void="http://rdfs.org/ns/void#"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema#" > 
  <rdf:Description rdf:about="https://kops.uni-konstanz.de/server/rdf/resource/123456789/54681">
    <foaf:homepage rdf:resource="http://localhost:8080/"/>
    <dc:creator>Cakmak, Eren</dc:creator>
    <dc:date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2021-08-23T10:43:11Z</dc:date>
    <dc:contributor>Dennig, Frederik L.</dc:contributor>
    <dc:contributor>Cakmak, Eren</dc:contributor>
    <dcterms:title>VulnEx : Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure</dcterms:title>
    <dc:creator>Dennig, Frederik L.</dc:creator>
    <void:sparqlEndpoint rdf:resource="http://localhost/fuseki/dspace/sparql"/>
    <dcterms:issued>2021-08-13T14:17:15Z</dcterms:issued>
    <dcterms:rights rdf:resource="https://rightsstatements.org/page/InC/1.0/"/>
    <dc:creator>Keim, Daniel A.</dc:creator>
    <dcterms:abstract xml:lang="eng">The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VulnEx (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table-based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.</dcterms:abstract>
    <dspace:isPartOfCollection rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dc:creator>Plate, Henrik</dc:creator>
    <bibo:uri rdf:resource="https://kops.uni-konstanz.de/handle/123456789/54681"/>
    <dc:rights>terms-of-use</dc:rights>
    <dcterms:available rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">2021-08-23T10:43:11Z</dcterms:available>
    <dcterms:hasPart rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/54681/1/Dennig_2-m0pdfelbvbft9.pdf"/>
    <dc:language>eng</dc:language>
    <dc:contributor>Plate, Henrik</dc:contributor>
    <dcterms:isPartOf rdf:resource="https://kops.uni-konstanz.de/server/rdf/resource/123456789/36"/>
    <dspace:hasBitstream rdf:resource="https://kops.uni-konstanz.de/bitstream/123456789/54681/1/Dennig_2-m0pdfelbvbft9.pdf"/>
    <dc:contributor>Keim, Daniel A.</dc:contributor>
  </rdf:Description>
</rdf:RDF>

University bibliography
Yes