A SYSTEM FOR TRACKING VULNERABILITIES IN SOFTWARE

  • Vladimir Cvetanović
Keywords: NVD, CVSS, CVE, vulnerability, dependency

Abstract

This paper describes a system for tracking vulnerabilities in software. It explains the basic concepts and mechanisms by which software vulnerabilities can be publicly identified. The system model and the steps in the system's operation are described. Finally, concluding remarks are given, together with directions in which further development of this tool could go.

Published
2021-11-08
Section
Electrical and Computer Engineering