We demonstrate a tool for identifying, prioritizing and evaluating vulnerabilities in software. The tool aims to improve security in products by making maintenance more efficient and robust. Software components and release versions are matched with vulnerability information from open resources. The results are visualized on several different levels, ranging from product portfolio and individual products, to specific releases and vulnerabilities. The tool keeps track of how security evolves over time in deployed releases, and also how the maintenance organization progresses in evaluating new vulnerabilities. This will result in more efficient, accurate, and robust security analysis and awareness within the organization, and the anticipated long term effect is more secure products.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations –citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.