Show simple item record

dc.contributor.author: Lunde, Sivert
dc.date.accessioned: 2022-09-27T23:46:11Z
dc.date.available: 2022-09-27T23:46:11Z
dc.date.issued: 2022-06-01
dc.date.submitted: 2022-09-27T22:00:36Z
dc.identifier.uri: https://hdl.handle.net/11250/3021969
dc.description.abstract: The use of open source components in software development has been growing at a rapid pace for a number of years. This increase in the use of open source software is accompanied by an increase in the risk of security vulnerabilities. While an extensive amount of research and time has been spent on developing tools to help mitigate security vulnerabilities in developers' own code, the issue of identifying vulnerabilities in the open source components they use has been rather neglected by comparison. Public security sources such as NVD, CVE and CWE already contain an enormous amount of data on both security vulnerabilities in general and specific known instances of vulnerabilities in software. The primary goal of this thesis is to develop a plugin for the Eclipse development environment which seeks to connect developers to these public security sources directly in their IDE. The plugin will specifically be targeted at Maven projects, and will help mitigate potential vulnerabilities by scanning the dependencies of a project and finding any potential vulnerability data for them registered in the NVD. The plugin will be evaluated by utilizing open source dependencies and projects in various tests which seek to identify its performance related to soundness and completeness, as well as runtime performance. The results show a precision of 93%, a recall of 65% and an accuracy of 80%. The runtime performance is shown to be moderate, with linear growth depending on the number of dependencies being scanned. This thesis contributes to research by shedding light on an under-developed field of software security mitigation and proposes a prototype plugin to help solve the issue.
dc.language.iso: eng
dc.publisher: The University of Bergen
dc.rights: Copyright the Author. All rights reserved
dc.title: Secure coding through integration of public information security sources to eclipse development environment
dc.type: Master thesis
dc.date.updated: 2022-09-27T22:00:36Z
dc.rights.holder: Copyright the Author. All rights reserved
dc.description.degree: Master's thesis in Software Development, in collaboration with HVL
dc.description.localcode: PROG399
dc.description.localcode: MAMN-PROG
dc.subject.nus: 754199
fs.subjectcode: PROG399
fs.unitcode: 12-12-0

