A Survey of Detection Methods for Software Use-After-Free Vulnerability

“…According to S. Pooja [1], which is based on an analysis of The National Vulnerability Database (NVD) (USA), over the past three years, the number of digital code vulnerabilities has increased by 26.6% (2019 -17.3 thousand records / 2021 -21.9 thousand records), data from M. Fu [2] points to the rapid growth of software code vulnerabilities -in 5 times during the last decade, J. Zhou [3] points out that about 64% of the core software of the banks of the global financial community have digital code vulnerabilities, which according to 2021 is estimated in the losses from cybercrime of $ 6 trillion. Analysis of the data presented in the aforementioned publications, as well as in other relevant publications on the specified research vector [4][5][6][7][8][9][10][11][12][13], allows us to come to the following conclusion: 90% of software vulnerabilities are caused by the violations and defects in the source code, 21% of incidents involving loss of confidential data are caused by vulnerabilities in the digital code of software products used, every third software application being implemented and used at present has a digital code body, and in 1000 lines of software code it is revealed up to 60 % of the vulnerabilities. Consequently, due to the presence of such a system error, which tends to multiply significantly, the need to find and develop adequate solutions that will significantly improve information and cyber-digital security, as well as to secure critical infrastructure objects operating under the control of cyber-physical systems, becomes urgent.…”

Secure Change Management Process: On the Effectiveness of DevSecOps

“…According to S. Pooja [1], which is based on an analysis of The National Vulnerability Database (NVD) (USA), over the past three years, the number of digital code vulnerabilities has increased by 26.6% (2019 -17.3 thousand records / 2021 -21.9 thousand records), data from M. Fu [2] points to the rapid growth of software code vulnerabilities -in 5 times during the last decade, J. Zhou [3] points out that about 64% of the core software of the banks of the global financial community have digital code vulnerabilities, which according to 2021 is estimated in the losses from cybercrime of $ 6 trillion. Analysis of the data presented in the aforementioned publications, as well as in other relevant publications on the specified research vector [4][5][6][7][8][9][10][11][12][13], allows us to come to the following conclusion: 90% of software vulnerabilities are caused by the violations and defects in the source code, 21% of incidents involving loss of confidential data are caused by vulnerabilities in the digital code of software products used, every third software application being implemented and used at present has a digital code body, and in 1000 lines of software code it is revealed up to 60 % of the vulnerabilities. Consequently, due to the presence of such a system error, which tends to multiply significantly, the need to find and develop adequate solutions that will significantly improve information and cyber-digital security, as well as to secure critical infrastructure objects operating under the control of cyber-physical systems, becomes urgent.…”

Secure Change Management Process: On the Effectiveness of DevSecOps

CtxFuzz: Discovering Heap-Based Memory Vulnerabilities Through Context Heap Operation Sequence Guided Fuzzing