A Screening Test for Disclosed Vulnerabilities in FOSS Components
- Submitting institution
- University of Exeter
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 6349
- Type
- D - Journal article
- DOI
- 10.1109/TSE.2018.2816033
- Title of journal
- IEEE Transactions on Software Engineering
- Article number
- -
- First page
- 945
- Volume
- 45
- Issue
- 10
- ISSN
- 0098-5589
- Open access status
- Compliant
- Month of publication
- March
- Year of publication
- 2018
- URL
- -
- Supplementary information
- -
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 2
- Research group(s)
- -
- Citation count
- 1
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- Today, most software is built by composing existing Open Source libraries, and software vendors are liable for all vulnerabilities (e.g., Heartbleed) in the libraries they consume. We present the first approach for quickly identifying whether an application using a library is affected by a vulnerability and for supporting management in deciding on the most cost-effective mitigation approach. The approach is used by SAP SE (implemented by one of the authors in the team of Dr. Uwe Sodan: https://www.linkedin.com/in/uwe-sodan/). The work is protected by US Patent 10,691,808 and has been featured in the "Highlights from ICSE 2019" Practitioners' Digest: https://ieeexplore.ieee.org/abstract/document/8802626
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -