VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure (short paper)

Frederik L. Dennig, Eren Cakmak, Henrik Plate, Daniel Keim

Presentation: Wednesday, October 27th, 2021 @ 18:00 GMT+00:00

Direct link to video on YouTube: https://youtu.be/9_sWqLtZX6k

Affiliation

University of Konstanz

Abstract

The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VulnEx (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table-based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.
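The abstract describes three table-based views over one underlying join: an inventory of which repositories depend on which library versions, matched against a list of vulnerability records, then grouped by repository, by library, and by vulnerability. The following Python is an added example written for this page to make that join concrete; it is not VulnEx's own code. The repositories, libraries, versions and vulnerability records are constructed for illustration, and the `VULN-000x` identifiers are placeholders, not real CVE IDs. It also assumes plain `MAJOR.MINOR.PATCH` version strings and a half-open affected range (`introduced <= version < fixed`), which is a simplification of how real advisory formats express affected versions.

```python
"""Cross-repository OSS exposure tables in the spirit of VulnEx.

Added illustrative example for this page, not the tool's own code.
All inventory and vulnerability data below is constructed; the
VULN-000x identifiers are placeholders, not real CVEs.
"""
from collections import defaultdict

# Constructed inventory: repository -> {library: pinned version}
REPOS = {
    "payments-api": {"libjson": "1.2.0", "httpclient": "3.4.1"},
    "web-frontend": {"libjson": "1.4.2", "templater": "0.9.0"},
    "batch-worker": {"httpclient": "2.8.0", "libjson": "1.2.0"},
}

# Constructed vulnerability records (placeholder IDs, not real CVEs):
# affected library, first affected version, first fixed version, severity score
VULNS = [
    {"id": "VULN-0001", "lib": "libjson", "introduced": "1.0.0", "fixed": "1.3.0", "severity": 9.8},
    {"id": "VULN-0002", "lib": "httpclient", "introduced": "2.0.0", "fixed": "3.0.0", "severity": 7.5},
    {"id": "VULN-0003", "lib": "httpclient", "introduced": "3.4.0", "fixed": "3.4.2", "severity": 5.3},
]


def parse_version(version):
    """Turn 'MAJOR.MINOR.PATCH' into a tuple of ints so it compares numerically."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version, vuln):
    """Half-open range check: introduced <= version < fixed (assumed semantics)."""
    v = parse_version(version)
    return parse_version(vuln["introduced"]) <= v < parse_version(vuln["fixed"])


def find_exposures(repos=REPOS, vulns=VULNS):
    """Join the dependency inventory against the vulnerability list.

    Returns one row per (repository, library, version, vulnerability, severity).
    """
    rows = []
    for repo, deps in repos.items():
        for lib, version in deps.items():
            for vuln in vulns:
                if vuln["lib"] == lib and is_affected(version, vuln):
                    rows.append((repo, lib, version, vuln["id"], vuln["severity"]))
    return rows


def repository_view(rows, repos=REPOS):
    """Per repository: number of vulnerable-dependency findings and worst severity.

    Every repository appears, so clean repositories show up with zero findings.
    """
    out = {repo: {"findings": 0, "max_severity": 0.0} for repo in repos}
    for repo, _lib, _version, _vuln_id, severity in rows:
        out[repo]["findings"] += 1
        out[repo]["max_severity"] = max(out[repo]["max_severity"], severity)
    return out


def library_view(rows):
    """Per library: which repositories use it at a vulnerable version, and which vulns apply."""
    out = defaultdict(lambda: {"repos": set(), "vulns": set()})
    for repo, lib, _version, vuln_id, _severity in rows:
        out[lib]["repos"].add(repo)
        out[lib]["vulns"].add(vuln_id)
    return {lib: {"repos": sorted(d["repos"]), "vulns": sorted(d["vulns"])}
            for lib, d in out.items()}


def vulnerability_view(rows):
    """Per vulnerability: the set of exposed repositories (its blast radius)."""
    out = defaultdict(set)
    for repo, _lib, _version, vuln_id, _severity in rows:
        out[vuln_id].add(repo)
    return {vuln_id: sorted(repos) for vuln_id, repos in out.items()}


if __name__ == "__main__":
    exposures = find_exposures()
    print("By repository:", repository_view(exposures))
    print("By library:   ", library_view(exposures))
    print("By vuln:      ", vulnerability_view(exposures))
```

The three views answer different analyst questions from the same rows: the repository table ranks what to fix first, the library table shows which upgrade removes the most findings, and the vulnerability table shows how widely a single advisory reaches. In a real deployment the inventory would come from resolved lockfiles or SBOMs including transitive dependencies, and the affected-range logic would follow the advisory format rather than this simplified numeric comparison.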
