ISBN (digital): 9781665458641
ISBN (print): 9781665458641
Source code security is the foundation of software security, so it is of great significance to test source code defects before the software system goes online. This paper first elaborated the causes of source code security defects, and introduced the identification methods and repair measures of source code vulnerabilities in detail. Finally, it described the testing process management of source code. This paper has a certain practical guiding significance for source code vulnerability testing.
ISBN (digital): 9783030522001
ISBN (print): 9783030522001
Software, and software source code in particular, is widely used in modern research. It must be properly archived, referenced, described and cited in order to build a stable and long lasting corpus of scientific knowledge. In this article we show how the Software Heritage universal source code archive provides a means to fully address the first two concerns, by archiving seamlessly all publicly available software source code, and by providing intrinsic persistent identifiers that allow to reference it at various granularities in a way that is at the same time convenient and effective. We call upon the research community to adopt widely this approach.
Vulnerability detection has long been an important issue in software security. The existing methods mainly define the rules and features of vulnerabilities through experts, which are time-consuming and laborious, and usually with poor accuracy. Thus automatic vulnerability detection methods based on code representation graph and Graph Neural Network (GNN) have been proposed with the advantage of effectively capturing both the semantics and structure information of the source code, showing a better performance. However, these methods ignore the redundant information in the graph and the GNN model, leading to a still unsatisfactory performance. To alleviate this problem, we propose an attention-based automatic vulnerability detection approach with Gated Graph Sequence Neural Network (GGNN). Firstly, we introduce two preprocessing methods, namely pruning and symbolization representation, to reduce the redundant information of the input code representation graph, and then put the graph into the GGNN layer to update the node features. Next, the key subgraph extraction and global feature aggregation are realized through the attention-based Pooling layers. Finally, the classification result is obtained through a linear classifier. The experimental results show the effectiveness of our proposed preprocessing methods and attention-based Pooling layers, especially the higher Accuracy and F1-score gains compared with the state-of-the-art automatic vulnerability detection approaches.
Vulnerabilities in software source code are one of the critical issues in the realm of software code auditing. Due to their high impact, several approaches have been studied in the past few years to mitigate the damages from such vulnerabilities. Among the approaches, deep learning has gained popularity throughout the years to address such issues. In this literature survey, the authors provide an extensive review of the many works in the field of software vulnerability analysis that utilise deep learning-based techniques. The reviewed works are systemised according to their objectives (i.e. the type of vulnerability analysis aspect), the area of focus (i.e. the focus area of the analysis), what information about source code is used (i.e. the features), and what deep learning techniques they employ (i.e. what algorithm is used to process the input and produce the output). They also study the limitations of the papers and topical trends concerning vulnerability analysis.
ISBN (print): 9783642026164
Software source code management needs it to improve the functioning of the information society. And there are management and security of software source code equivalent to assembly lines of important infrastructure in the early stage of information society directly. Thus, support technologies to protect and trade software source code are in such a poor state. In this paper, we propose a management framework to support access control and a new authentication system for E-commercial contract of software source code using the CRYPTEX model of secure container and Secret Sharing Scheme.
ISBN (print): 9780769534862
Software source code management uses it to improve the functioning of the information society. And there are management and security of software source code equivalent to assembly lines of important infrastructure in the early stage of information society directly. Thus, support technology and framework to protect copyrights of software source code are in such a poor state. In this paper, we propose a management framework to support access control and copyrights expression of software source code using digital license and the CRYPTEX model of secure container.