Skip to content

Add covsbom paper - issre 2024 #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Dec 5, 2024
Merged

Add covsbom paper - issre 2024 #187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
24a056c
Add: adding covsbom paper - issre 2024
yzhang71 Dec 5, 2024
0e73dc4
Add: adding covsbom paper - issre 2024
yzhang71 Dec 5, 2024
57f5b92
Mod: Fixing the indentation issue.
yzhang71 Dec 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions _data/data.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1320,6 +1320,19 @@ publications:
### DO NOT FORGET TO ADD YOUR NEW TAG &XXXXXX TO THE ENTRIES AT THE BOTTOM ###
### IF YOU FORGET, YOUR ENTRIES WILL NOT SHOW UP ON THE SITE! ###

- &covsbom_issre_2024
anchor: covsbom_issre_2024
title: "CovSBOM: Enhancing Software Bill of Materials with Integrated Code Coverage Analysis"
authors:
- name: "Y. Zhao, Y. Zhang, D. Chacko, J. Cappos."
project:
booktitle: "The 35th IEEE International Symposium on Software Reliability Engineering (ISSRE 2023)"
year: "2024"
pages: ""
publisher: ""
link: "/papers/covsbom_issre_2024.pdf"
abstract: "The widespread integration of open-source software into commercial codebases, government systems, and critical infrastructure presents significant security challenges, particularly due to the inclusion of vulnerable components. Software Bills of Materials (SBOMs) are crucial for tracking these components; however, they lack detailed insights into the actual utilization of each component, thereby limiting their effectiveness in vulnerability management. This paper introduces CovSBOM, a novel tool that integrates code coverage analysis into SBOMs to provide enhanced transparency and facilitate precise vulnerability detection. CovSBOM addresses the gap between current SBOM and security scanning tools by providing detailed insights into which parts of third-party libraries are actually being used, thereby reducing inefficiencies and the misallocation of developer resources caused by overemphasizing irrelevant vulnerabilities. Through a comprehensive evaluation of 23 large-scale applications, encompassing 1,614 dependencies and 145 vulnerability alerts, CovSBOM has demonstrated a significant reduction in false positives, accurately identifying 105 such instances. This improvement enhances the precision of vulnerability detection by approximately 72%, while effectively maintaining a reasonable level of scalability and usability."

- &moore_artemis_2023
anchor: moore_artemis_2023
title: "Artemis: Defanging Software Supply Chain Attacks in Multi-repository Update Systems"
Expand Down Expand Up @@ -2954,6 +2967,7 @@ and the Debian popularity contest. Our tests found a total of 63 bugs in 31 appl
- type: Conference Papers
anchor: conference
publications:
- *covsbom_issre_2024
- *moore_artemis_2023
- *moore_port_icsoft_2022
- *moore_shuffle_ccsne_2022
Expand Down
Binary file added papers/covsbom_issre_2024.pdf
View file
Open in desktop
Binary file not shown.
Loading