Where do most vulnerabilities occur in software? Our Vulture tool automatically mines existing vulnerability databases and version archives to map past vulnerabilities to components. The resulting ranking of the most vulnerable components is a perfect base for further investigations on what makes components vulnerable. In an investigation of the Mozilla vulnerability history, we surprisingly found that components that had a single vulnerability in the past were generally not likely to have further vulnerabilities. However, components that had similar imports or function calls were likely to be vulnerable. Based on this observation, we were able to extend Vulture by a simple predictor that correctly predicts about half of all vulnerable components, and about two thirds of all predictions are correct. This allows developers and project managers to focus their efforts where they are needed most: "We should look at nsXPInstallManager because it is likely to contain yet unknown vulnerabilities."
Dodecyl amine edge functionalized few-layer graphene oxide quantum dots were synthesized in good yields. The covalent functionalization was demonstrated with NMR and AFM-IR. The resulting structure and particle size were measured with AFM and HRTEM. The thermal stability of the compound was investigated and showed a stability of up to 220 °C. The modified graphene oxide quantum dots showed excellent solubility in various organic solvents, including ethers, methanol, toluene, n-hexane, heptane, xylene, dichloromethane and toluene. The stability of a resulting toluene solution was also proven by static light scattering measurements over several days. The excellent solubility gives the possibility of an efficient and fast spray application of the functionalized graphene oxide quantum dots to steel surfaces. Hence, the macroscopic friction behavior was investigated with a Thwing-Albert FP-2250 friction tester. A thin film of the dodecyl amine functionalized graphene oxide quantum dots on steel lowered the friction coefficient from 0.17 to 0.11 and revealed a significant corrosion inhibition effect.
Abstract: We study the vulnerability reports in the Common Vulnerabilities and Exposures (CVE) database by using topic models on their description texts to find prevalent vulnerability types and new trends semi-automatically. In our study of the 39,393 unique CVEs until the end of 2009, we identify the following trends, given here in the form of a weather forecast:
Enforcing complex policies that span organizational domains is an open challenge. Current work on SOA policy enforcement splits security into logical components that can be distributed across domains, but does not offer any concrete solution to integrate this security functionality so that it works across security services for organization-wide policies. In this paper, we propose xESB, an enhanced version of an Enterprise Message Bus (ESB), where we monitor and enforce preventive and reactive policies, both for access control and usage control policies, and both inside one domain and between domains. In addition, we introduce indicators that help SOA administrators assess the effectiveness of their policies. Our performance measurements show that policy enforcement at the ESB level comes with only moderate penalties.