350 rub
Journal Information-measuring and Control Systems №4 for 2009 г.
Article in number:
Program code vulnerabilities analysis
Authors:
R. R. Fatkieva, V. V. Pometsko
Abstract:
A testing process is an inseparable part of software engineering. Despite a lot of methods and approaches to the software testing problem, critical vulnerabilities still can be found in finished products. Set of metrics, for most exploited vulnerabilities is described, and approach to software evaluation, based on described metrics is offered. Most exploited software vulnerabilities are described, approach to software evaluation based on described metrics is suggested. It is possible to apply such metrics during stage of automated static testing that also strengthens software code quality. A scanning software code of a tested program and its analysis according to program-s characteristics and functions is suggested. Limitations of this approach lie in the fact that exposing some vulnerability implies having corresponding metric. This approach lets to make fuller analysis of vulnerabilities presence basic indications and is also scalable
Pages: 56
References
- Хогланд, Грег, Мак-Гроу, Гари. Взлом программного обеспечения: анализ и использование кода.: Пер. с англ. М.: Издательский дом «Вильяме», 2005, 400 с.
- www.racal.ru/rsp/glossary_2.html
- http://www.klocwork.com/ по состоянию на 10.12.2008
- http://www.coverity.com/ по состоянию на 10.12.2008
- www.cigital.com/its4/ по состоянию на 10.12.2008
- http://met-rix.narod.ru/page1.htm по состоянию на 15.11.2008
- John Viega, Gary McGraw. Building Secure Software. Addison-Wesley Professional Computing Series, 2002, 528 p.