Accession Number : AD1005645

Title : Software Epistemology

Descriptive Note : Technical Report, 01 Dec 2013, 30 Sep 2015

Corporate Author : THE CHARLES STARK DRAPER LABORATORY, INC. Cambridge United States

Personal Author(s) : Opper, Jeffrey M

Report Date : 01 Mar 2016

Pagination or Media Count : 36

Abstract : The effort developed a comprehensive approach for determining software epistemology which significantly advances the state of the art in automated vulnerability discovery. The approach applies an analytic sieve concept and a novel hashing scheme to a large corpus of open-source software to mine information that indicates the presence of pre- and post-fix conditions in program control flow, fully exploiting the hierarchy of abstraction and richness of data produced by the artifact extraction process, while taking advantage of the scalable computation capabilities present in TitanDB. The developed prototype software system is able to quickly analyze and compare software packages, demonstrating an ability to identify individual software components in a software system and track common vulnerabilities in software packages across large code corpora.

Descriptors : computer programs, computer security, Vulnerability, Automation, software, risk

Distribution Statement : APPROVED FOR PUBLIC RELEASE