DiVA

diva-portal.org

Digitala Vetenskapliga Arkivet

EnglishSvenskaNorsk
Ändra sökning
ExporteraLänk till posten
Permanent länk

Direktlänk
BETA

Projekt

Projekttyp/Bidragsform
Projektbidrag
Titel [en]
SESAM – Secure Software Engineering Through Sensible AutoMation
Abstract [en]
The rising complexity and sophistication of cyber threats necessitate proactive security measures in software development. Traditional methods, which often incorporate security checks late in the Software Development Life Cycle (SDLC), are inadequate due to their high cost and inefficiency. There are several barriers to integrate security measures early in the development— such as supporting developers in understanding and implementing security measures, integrating security into existing workflows, avoid productivity disruptions. The project will empower developers with tools and practices to seamlessly integrate security.
Publikationer (1 of 1) Visa alla publikationer
Fucci, D., Di Penta, M., Romano, S. & Scanniello, G. (2025). Augmenting Software Bills of Materials with Software Vulnerability Description: A Preliminary Study on GitHub. In: Li, J (Ed.), FSE Companion '25: Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering. Paper presented at 33rd ACM International Conference on the Foundations of Software Engineering, FSE Companion 2025, Trondheim, June 23-27, 2025 (pp. 631-635). Association for Computing Machinery (ACM)
Öppna denna publikation i ny flik eller fönster >>Augmenting Software Bills of Materials with Software Vulnerability Description: A Preliminary Study on GitHub
2025 (Engelska)Ingår i: FSE Companion '25: Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering / [ed] Li, J, Association for Computing Machinery (ACM), 2025, s. 631-635Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Software Bills of Material (SBOMs) are becoming a consolidated-and often enforced by governmental regulations-way to describe software composition. However, based on recent studies, SBOMs suffer from limited support for their consumption and lack information beyond simple dependencies, especially regarding software vulnerabilities. This paper reports the results of a preliminary study in which we augmented SBOMs of 40 open-source projects with information about Common Vulnerabilities and Exposures (CVE) exposed by project dependencies. Our augmented SBOMs have been evaluated by submitting pull requests and by asking project owners to answer a survey. Although, in most cases, augmented SBOMs were not directly accepted because owners required a continuous SBOM update, the received feedback shows the usefulness of the suggested SBOM augmentation.
Ort, förlag, år, upplaga, sidor
Association for Computing Machinery (ACM), 2025
Nyckelord
SBOM, Software repositories, VEX, Vulnerabilities management
Nationell ämneskategori
Programvaruteknik
Identifikatorer
urn:nbn:se:bth-28600 (URN)10.1145/3696630.3728513 (DOI)001593214400070 ()2-s2.0-105013970463 (Scopus ID)9798400712760 (ISBN)
Konferens
33rd ACM International Conference on the Foundations of Software Engineering, FSE Companion 2025, Trondheim, June 23-27, 2025
Forskningsfinansiär
KK-stiftelsen, 20230087KK-stiftelsen, 20180010
Tillgänglig från: 2025-09-05 Skapad: 2025-09-05 Senast uppdaterad: 2025-12-15Bibliografiskt granskad
ProjektledareFucci, Davide
Koordinerande organisation
Blekinge Tekniska Högskola
Forskningsfinansiär
Tidsperiod
2024-01-01 - 2027-12-31
Nationell ämneskategori
Programvaruteknik
Identifikatorer
DiVA, id: project:9549Projekt id: 20230087

Sök vidare i DiVA

Programvaruteknik

Sök vidare utanför DiVA

GoogleGoogle Scholar

Länk till extern projektsida

v. 2.47.0
|
WCAG
|
Om DiVA portal
|
Om DiVA-konsortiet