Tracking known security vulnerabilities in third-party components

Author: Cadariu, M.D.
Contributor: Van Deursen, A. (mentor)
Faculty: Electrical Engineering, Mathematics and Computer Science
Department: Software Technology
Programme: Msc. Computer Science
Date: 2014-08-27

Abstract

Known security vulnerabilities are introduced in software systems as a result of depending on third-party components. These documented software weaknesses are hiding in plain sight and represent the lowest hanging fruit for attackers. Despite the risk they introduce for software systems, it has been shown that developers consistently download vulnerable components from public repositories. We show that these downloads indeed find their way into many industrial and open-source software systems. In order to improve the status quo, we introduce the Vulnerability Alert Service, a tool-based process to track known vulnerabilities in software projects throughout the development process. Its usefulness has been empirically validated in the context of the external software product quality monitoring service offered by the Software Improvement Group, a software consultancy company based in Amsterdam, the Netherlands.

Subject: known vulnerabilities
To reference this document use: http://resolver.tudelft.nl/uuid:504b4d73-c4ab-4e5e-bcaf-ca6d2ff7347b
Part of collection: Student theses
Document type: master thesis
Rights: (c) 2014 Cadariu, M.D.
Files: thesis.pdf (PDF, 732.43 KB)