Secure coding through integration of public information security sources to eclipse development environment

Lunde, Sivert
Master thesis
master thesis (762.1Kb)
URI
https://hdl.handle.net/11250/3021969
Date
2022-06-01
Abstract
The use of open source components in software development has been growing at a rapid pace for a number of years. This increase in the use of open source software is accompanied by an increase in the risk of security vulnerabilities. While an extensive amount of research and time has been spent on developing tools that help mitigate security vulnerabilities in developers' own code, the problem of identifying vulnerabilities in the open source components they use has been comparatively neglected. Public security sources such as NVD, CVE and CWE already contain an enormous amount of data both on security vulnerabilities in general and on specific known instances of vulnerabilities in software. The primary goal of this thesis is to develop a plugin for the Eclipse development environment that connects developers to these public security sources directly in their IDE. The plugin specifically targets Maven projects and helps mitigate potential vulnerabilities by scanning a project's dependencies and retrieving any vulnerability data registered for them in the NVD. The plugin is evaluated by running open source dependencies and projects through a series of tests that measure its soundness and completeness as well as its runtime performance. The results show a precision of 93%, a recall of 65% and an accuracy of 80%. Runtime performance is shown to be moderate, growing linearly with the number of dependencies being scanned. This thesis contributes to research by shedding light on an under-developed field of software security mitigation and proposes a prototype plugin to help address the issue.
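As an added illustration of the scanning and evaluation approach the abstract describes (example code written for this page, not the thesis's Eclipse plugin), the script below parses a constructed Maven pom.xml, matches each dependency against constructed NVD-style version-range records, and scores the findings against a constructed ground truth for precision, recall and accuracy. The POM, the records, the CVE ids and the ground-truth labels are all made up for the example; the thesis's plugin runs inside Eclipse and queries the real NVD.

```python
import xml.etree.ElementTree as ET

# Constructed sample pom.xml (not from the thesis); namespace as in real Maven POMs.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>libA</artifactId><version>1.2.0</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>libB</artifactId><version>2.5.1</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>libC</artifactId><version>0.9</version></dependency>
  </dependencies>
</project>"""

# Constructed NVD-style records with placeholder CVE ids, reduced to what a scanner needs:
# the affected product and the affected version range [start, end) from the CPE configuration.
NVD_RECORDS = [
    {"id": "CVE-0000-0001", "product": "org.example:libA", "start": "1.0.0", "end": "1.3.0"},
    {"id": "CVE-0000-0002", "product": "org.example:libB", "start": "2.0.0", "end": "2.5.0"},
    {"id": "CVE-0000-0003", "product": "org.example:libC", "start": "0.1", "end": "1.0"},
]
# Constructed ground truth: libB 2.5.1 really is affected (the record's range is too narrow, so
# the scanner misses it), and libC's CVE does not apply to this project (a false positive).
GROUND_TRUTH = {("org.example:libA", "CVE-0000-0001"), ("org.example:libB", "CVE-0000-0002")}
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_dependencies(pom_xml):
    """Return {'groupId:artifactId': version} for every <dependency> in the POM."""
    root = ET.fromstring(pom_xml)
    deps = {}
    for d in root.findall(".//m:dependency", NS):
        key = f"{d.find('m:groupId', NS).text}:{d.find('m:artifactId', NS).text}"
        deps[key] = d.find("m:version", NS).text
    return deps

def version_tuple(v):
    """Numeric tuple so '1.10.0' sorts after '1.9.0'; non-numeric qualifiers count as 0 (simplification)."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def scan(pom_xml, records):
    """Map each dependency to the CVE ids whose affected range contains its declared version."""
    findings = {}
    for name, ver in parse_dependencies(pom_xml).items():
        v = version_tuple(ver)
        findings[name] = [r["id"] for r in records if r["product"] == name
                          and version_tuple(r["start"]) <= v < version_tuple(r["end"])]
    return findings

def evaluate(findings, ground_truth, records):
    """Score findings as (dependency, CVE) pairs; all dependency x CVE combinations supply the negatives."""
    found = {(d, c) for d, cves in findings.items() for c in cves}
    truth, universe = set(ground_truth), {(d, r["id"]) for d in findings for r in records}
    tp, fp, fn = len(found & truth), len(found - truth), len(truth - found)
    tn = len(universe) - tp - fp - fn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "accuracy": (tp + tn) / len(universe)}
```

With this input the scanner is neither complete (it misses libB) nor sound (it flags libC), which is the trade-off the precision and recall figures in the abstract quantify for the real plugin.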
Publisher
The University of Bergen
Copyright
Copyright the Author. All rights reserved