Vulnerabilities discovered in software are due not only to programming errors but also to design flaws. A number of methods exist for avoiding design flaws, but all of them are manual processes that require expertise.
We believe that studying models of classes of vulnerabilities would give developers sufficient knowledge of how to avoid these vulnerabilities. A model of a class of vulnerabilities can also support decision making during the software development process.
In this thesis, we present a procedure for modeling a class of vulnerabilities given instances of Vulnerability Cause Graphs (VCGs). Using VCGs structures the representation of the causes of vulnerabilities.
The approach presented in this thesis makes it possible to divide the work of modeling a class of vulnerabilities without any permanent dependence on specific persons. The approach is also flexible enough to accommodate new causes of software vulnerabilities as they are discovered.
Source: Linköping University
Author: Hiran, Rahul