A Method for Mining XML Data Describing Open-Source and Proprietary Software Vulnerabilities
暂无分享,去创建一个
There is an ongoing debate about the magnitude and characteristics of software vulnerabilities found in open-source versus proprietary software. A software vulnerability is defined as a flaw in a piece of software that has been discovered and exploited. Once publicized, typically by an electronic announcement, the vulnerability is posted to one of several competing online security information services. The software vendor will then respond with a scripted patch or remediation. Data related to software vulnerabilities is available publicly (i.e., CERT, SecurityTracker, Mitre, and SANS) and is often stored in an XML format. However, XML presents several challenges for text mining software. The purpose of this paper is to describe a method for mining XML data that sufficiently addresses these concerns in the context of software vulnerability research. Preliminary results are presented.
[1] R. Weber. Basic Content Analysis , 1986 .
[2] William A. Arbaugh,et al. IEEE 52 Computer , 1985 .
[3] William A. Arbaugh,et al. A trend analysis of exploitations , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.
[4] Carl E. Landwehr,et al. Does Open Source Improve System Security? , 2001, IEEE Softw..