Enhancing the secured software framework using vulnerability patterns and flow diagrams

This article describes the process of simplifying the software security classification. The inputs of this process include a reference model from previous researcher and existing Common Vulnerabilities and Exposure (CVE) database. An interesting aim is to find out how we can make the secured softwar...

Full description

Saved in:
Bibliographic Details
Main Authors: Hassan, Nor Hafeizah, Bahaman, Nazrulazhar, Hussin, Burairah, Sahib, Shahrin
Format: Article
Language:English
Published: The Science And Information (SAI) Organization Limited 2018
Online Access:http://eprints.utem.edu.my/id/eprint/24789/2/ENHANCING%20THE%20SECURED%20SOFTWARE%20FRAMEWORK%20USING%20VULNERABILITY%20PATTERNS%20AND%20FLOW%20DIAGRAMS.PDF
http://eprints.utem.edu.my/id/eprint/24789/
https://thesai.org/Downloads/Volume9No9/Paper_46-Enhancing_the_Secured_Software_Framework.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Teknikal Malaysia Melaka
Language: English
Description
Summary:This article describes the process of simplifying the software security classification. The inputs of this process include a reference model from previous researcher and existing Common Vulnerabilities and Exposure (CVE) database. An interesting aim is to find out how we can make the secured software framework implementable in practice. In order to answer this question, some inquiries were set out regarding reference model and meta-process for classification to be a workable measurement system. The outputs of the process are the results discussion of experimental result and expert's validation. The experimental result use the existing CVE database which serves as an analysis when a) the framework is applied on three mix datasets, and b) when the framework is applied on two focus datasets. The first explains the result when the framework is applied on the CVE data randomly which consist mix of vendors and the latter is applied on the CVE data randomly but on selective vendors. The metric used in this assessment are precision and recall rate. The result shows there is a strong indicator that the framework can produce acceptable output accuracy. Apart from that, several experts' views were discussed to show the correctness and eliminate the ambiguity of classification rules and to prove the whole framework process.