Building A Recommender System For Architecture Related Vulnerabilities

\section{Literature Review}\label{sec:lit_review}
Security breaches are a well-known problem that has been solved in different ways: automatic detection tools \cite{li2010comparative}, documentation of best practices \cite{owasp2015} and software development process activities (such as penetration testing \cite{arkin2005software}, modeling \cite{mcdermott1999using, swiderski2004threat}, architectural analysis \cite{halkidis2008architectural,mcdermott1999using,howard2003writing} and so on). Despite the research community's efforts to create techniques and tools for developing more secure software, there is a gap for techniques that address the security problem from an architectural point of view \cite{rehman2009research}. Given that this research…
Their results showed that static analysis tools face the issue of producing many false positives/negatives, mainly because they are highly dependent on a previous set of rules or a vulnerability database that specifies the nature of the vulnerability. Besides that, they also discussed that these tools are tied to a specific technology/programming language, so there is no tool that can be applied to all types of applications and accurately detect their weaknesses. Similarly, Kuperman et al. \cite{kuperman2005detection} conducted a study about vulnerability prevention and mitigation techniques for attacks that exploit the existence of buffer overflows in the code and found that there is no solution that can avoid all the consequences of a buffer overflow.
%Given these results, they proposed combining static analysis tools with dynamic testing to find security holes. Their idea is to first test the program using static analysis tools and later use dynamic detection to confirm the existence of the weaknesses detected in the static analysis.
Dessiatnikoff et al. \cite{dessiatnikoff2011clustering} proposed a new