Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)
There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing recurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors introduced by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and a lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes its expert knowledge available in forms including knowledge bases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template, the Vulnerability Anti-Pattern, that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities, which software developers can use to learn how malicious hackers can exploit errors in software.
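To make the idea of an anti-pattern entry concrete, the following is an added illustration written for this listing; it is not the paper's template, nor an entry from its catalogue. The field names of the record, the mapping of the entry to CWE-89, and the toy user table are all assumptions made here. The entry pairs the poor practice (user input concatenated into a SQL statement) with the attacker's exploitation of it and the refactored practice (a parameterised query), and the code runs both against an in-memory SQLite database so a developer can see the difference rather than read about it.

```python
"""Illustrative Vulnerability Anti-Pattern (VAP) entry with a runnable demonstration.

Added example, not code from the paper. The record layout and the CWE mapping
are assumptions; the user table and the attack string are constructed here.
"""
import sqlite3
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class VulnerabilityAntiPattern:
    """Hypothetical VAP record: the poor practice is the primary artefact,
    the fix is attached to it rather than the other way round."""
    name: str
    weakness: str            # related CWE identifier (assumed mapping)
    poor_practice: str       # what the developer does
    exploitation: str        # how an attacker abuses it
    refactored_practice: str # what the developer should do instead


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_antipattern(conn: sqlite3.Connection, username: str) -> List[str]:
    """The poor practice: untrusted input is spliced into the SQL text, so the
    input can change the structure of the statement (CWE-89 by assumption)."""
    query = f"SELECT username FROM users WHERE username = '{username}' ORDER BY username"
    return [row[0] for row in conn.execute(query)]


def lookup_refactored(conn: sqlite3.Connection, username: str) -> List[str]:
    """The refactored practice: the value travels as a bound parameter, so
    whatever it contains is compared as data and never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(query, (username,))]


SQLI_VAP = VulnerabilityAntiPattern(
    name="String-built SQL query",
    weakness="CWE-89",
    poor_practice="Format or concatenate request data directly into SQL text.",
    exploitation="Input such as ' OR '1'='1 closes the quoted literal and appends "
                 "a condition that is always true, returning every row.",
    refactored_practice="Use parameterised queries; bind values, never splice them.",
)


def demonstrate() -> dict:
    """Run the attack string against both variants and return what each gives back."""
    conn = make_db()
    attack = "' OR '1'='1"   # constructed attacker input
    return {
        "antipattern_rows": lookup_antipattern(conn, attack),   # every user leaks
        "refactored_rows": lookup_refactored(conn, attack),     # no match: treated as data
        "refactored_legit": lookup_refactored(conn, "alice"),   # normal use still works
    }


if __name__ == "__main__":
    print(SQLI_VAP.name, "->", SQLI_VAP.weakness)
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The point the entry makes is the one the abstract argues for: the developer recognises the anti-pattern because it is their own habitual code, and the exploitation field shows in one line why an attacker cares, which a bare CWE description does not.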
The Obama Administration’s Proposal to Establish a National Network for Manufacturing Innovation
[Excerpt] In his FY2013 budget, President Obama proposed the creation of a National Network for Manufacturing Innovation (NNMI) to help accelerate innovation by investing in industrially relevant manufacturing technologies with broad applications, and to support manufacturing technology commercialization by bridging the gap between the laboratory and the market.
The NNMI proposal calls for the establishment of up to 15 Institutes for Manufacturing Innovation (IMI) funded through a one-time infusion of $1 billion in mandatory funding to the Department of Commerce's National Institute of Standards and Technology (NIST) and carried out over a period of 10 years. Each IMI would comprise stakeholders from industry (including large companies and small- and medium-sized manufacturing enterprises), academia, federal agencies, and state government entities. According to the proposal, each IMI is to be competitively selected, serve as a regional hub for manufacturing innovation (as well as part of the national network), and have a unique focus area (e.g., an advanced material, manufacturing process, enabling technology, or industry sector). The NNMI would be managed collaboratively by NIST, the Department of Defense, the Department of Energy, the National Science Foundation, and other agencies.
The role of intermediaries in facilitating e-government diffusion in Saudi Arabia
Recent studies of e-government activity have highlighted adoption and diffusion issues as important subjects for rating e-government success. However, in developing countries, inadequate resources and citizens' limited capabilities regarding new e-government services have resulted in low diffusion and adoption of those services. This paper examines the role of intermediaries, which can be played by a third party, in bridging the gap between e-government implementation and social reality, and looks at the roles a third party can add within the e-government services mechanism. This paper uses a case study approach in order to reflect e-government progress within the context of the Kingdom of Saudi Arabia (KSA) as one developing country. The results of this paper show that intermediaries play an important role in the diffusion of e-services by improving availability and accessibility and by enhancing privacy and security.