Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison

@inproceedings{Wu2020PreciselyCS,
  title={Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison},
  author={Qiushi Wu and Yang He and Stephen McCamant and Kangjie Lu},
  year={2020}
}
  • Qiushi Wu, Yang He, +1 author Kangjie Lu
  • Published 2020
  • Computer Science
  • A bug is a vulnerability if it has security impacts when triggered. Determining the security impacts of a bug is important to both defenders and attackers. Maintainers of large software systems are bombarded with numerous bug reports and proposed patches, with missing or unreliable information about their impact. Determining which few bugs are vulnerabilities is difficult, and bugs that a maintainer believes do not have security impact will be de-prioritized or even ignored. On the other hand… CONTINUE READING

    Create an AI-powered research feed to stay up to date with new papers like this posted to ArXiv

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 70 REFERENCES

    Spider: Enabling fast patch propagation in related software repositories

    • A. Machiry, N. Redini, E. Cammellini, C. Kruegel, G. Vigna
    • IEEE Symposium on Security and Privacy (SP)
    • 2020
    VIEW 4 EXCERPTS
    HIGHLY INFLUENTIAL

    Survey shows linux the top operating system for internet of things devices, 2018. https://www.itprotoday.com/iot/ survey-shows-linux-top-operating-system-internet-things-devices

    • C. Hall
    • 2018
    VIEW 2 EXCERPTS
    HIGHLY INFLUENTIAL

    Under-Constrained Symbolic Execution: Correctness Checking for Real Code

    VIEW 6 EXCERPTS
    HIGHLY INFLUENTIAL

    Android security rewards program rules

    • Google
    • 2019

    Bugzilla main page

    • Mozilla
    • 2019

    Common vulnerabilities and exposures, 2019

    • M. Corporation
    • https: //cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel
    • 2019
    VIEW 1 EXCERPT

    Common weakness enumeration (cwe)

    • M Corporation
    • 2019

    Common weakness enumeration (cwe), 2019

    • M. Corporation
    • https: //cwe.mitre.org/data/definitions/1000.html
    • 2019
    VIEW 1 EXCERPT