Learn More
Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software(More)
We introduce a dynamic technique for defending web applications that would otherwise be vulnerable to cross-site scripting attacks. Our method is comprised of two phases: an attack-free training period where we capture the normal behavior of the application in the form of a set of likely program invariants, and an indefinite period of time spent in a(More)
RATIONALE, AIMS, AND OBJECTIVES The US health care system is marked by a high degree of fragmentation in both delivery and financing. Some evidence suggests that attempts to reduce fragmentation have led to significant provider consolidation, including hospital acquisitions of physician groups, or "vertical integration." The objective was to use time-series(More)
We begin by describing the system Fortify uses for ranking vulnerabilities and our method for assigning a program an over-all score. We then consider another popular vulnerability ranking system (CVSS) and explain why it is less useful for ranking static analysis results. We use the second half of the paper to explain the motivation and method behind our(More)
S its publication more than 50 years ago, “The Ecology of Medical Care” (1) has provided a framework for understanding how persons seek and receive health care. Drawing on diary studies and other data from the United States and the United Kingdom, White and colleagues (1) found that only 2 in 5 persons who are ill consider seeking care and among those, only(More)
  • 1