Abstract
This article describes the process of simplifying software security classification. The inputs to this process are a reference model from a previous researcher and the existing Common Vulnerabilities and Exposures (CVE) database. An interesting aim is to find out how the secured software framework can be made implementable in practice. To answer this question, inquiries were set out regarding the reference model and the meta-process for classification, so that it can serve as a workable measurement system. The outputs of the process are a discussion of the experimental results and the experts' validation. The experiments use the existing CVE database and analyse the framework when a) it is applied to three mixed datasets, and b) it is applied to two focused datasets. The first covers CVE data chosen at random from a mix of vendors; the latter covers CVE data chosen at random but from selected vendors. The metrics used in this assessment are precision and recall. The results give a strong indication that the framework can produce acceptable output accuracy. In addition, several experts' views are discussed to show the correctness of the classification rules, to eliminate their ambiguity, and to prove the whole framework process.
Highlights
In software applications, it is observed that there are negative consequences when security is compromised.
This study focuses on the research and development of the design, formalization and translation of the vulnerability classification pattern through a framework using the Common Vulnerabilities and Exposures data pattern.
Because of this consensus, later, in Common Vulnerabilities and Exposures: The Standard for Information Security Vulnerability Names, another definition of vulnerability is given as a state in a computing system that either:
Summary
It is observed that there are negative consequences when security is compromised. It is learned that the terms must be specified in relation to predefined rules of information security. Another challenge was to formally translate the domain terms into a schema that can be translated into a workable engine to extract the vulnerability given a historical database, as debated in [2]. This study focuses on the research and development of the design, formalization and translation of the vulnerability classification pattern through a framework using the Common Vulnerabilities and Exposures data pattern. This is achieved through the use of a syntactic and semantic formal representation that is accurate enough to produce a simplified set of vulnerability patterns and can be used consistently in other incident cases. The final aim of this study is to measure the accuracy and correctness of the vulnerability classification procedures of the algorithm, which already indicates the focal view and depth in the security domain.
More From: International Journal of Advanced Computer Science and Applications