Showing 1 - 10 of 42 for search: '"Andrew Meneely"'
Published in:
ACM Transactions on Software Engineering and Methodology. 31:1-25
Penetration testing is a key practice toward engineering secure software. Malicious actors have many tactics at their disposal, and software engineers need to know what tactics attackers will prioritize in the first few hours of an attack. Projects l
Author:
Andrew Meneely, Benjamin S. Meyers
Published in:
ANT/EDI40
The daily activities of cybersecurity experts and software engineers—code reviews, issue tracking, vulnerability reporting—are constantly contributing to a massive wealth of security-specific natural language. In the case of vulnerabilities, unde
Published in:
ESEM
(Background) Software vulnerabilities pose a serious threat to the security of computer systems. Hence, there is a constant race for defenders to find and patch them before attackers are able to exploit them. Measuring different aspects of this proce
Author:
Mahran Al-Zyoud, Christopher Theisen, Nuthan Munaiah, Laurie Williams, Andrew Meneely, Jeffrey C. Carver
Published in:
Information and Software Technology. 104:94-103
Context: Michael Howard conceptualized the attack surface of a software system as a metaphor for risk assessment during the development and maintenance of software. While the phrase attack surface is used in a variety of contexts in cybersecurity, pro
Published in:
2012 ASEE Annual Conference & Exposition Proceedings.
Published in:
ESEM
Background: Inculcating an attacker mindset (i.e. learning to think like an attacker) is an essential skill for engineers and administrators to improve the overall security of software. Describing the approach that adversaries use to discover and exp
Author:
Nuthan Munaiah, Andrew Meneely
Published in:
RCoSE-DDrEE@ICSE
Software metrics help developers discover and fix mistakes. However, despite promising empirical evidence, vulnerability discovery metrics are seldom relied upon in practice. In prior research, the effectiveness of these metrics has typically been ex
Published in:
CHASE@ICSE
Experts suggest that engineering secure software requires a defensive mindset to be ingrained in developer culture, which could be reflected in conversation. But what does a conversation about software security in a real project look like? Linguists
Published in:
Empirical Software Engineering. 22:1305-1347
As developers face an ever-increasing pressure to engineer secure software, researchers are building an understanding of security-sensitive bugs (i.e. vulnerabilities). Research into mining software repositories has greatly increased our understandin
Author:
Cecilia Ovesdotter Alm, Benjamin S. Meyers, Emily Prud'hommeaux, Pradeep K. Murukannaiah, Andrew Meneely, Nuthan Munaiah, Josephine Wolff
Published in:
ACL (2)
Software developers and testers have long struggled with how to elicit proactive responses from their coworkers when reviewing code for security vulnerabilities and errors. For a code review to be successful, it must not only identify potential probl