ProSVED
Financiado
Projection of Security Vulnerabilities caused by Exploits in Dependencies
ProSVED stands for Projection of Security Vulnerabilities caused by Exploits in Dependencies, and targets the prognosis of software vulnerabilities via security exploits in third-party libraries. The code controlled by developers,...
ProSVED stands for Projection of Security Vulnerabilities caused by Exploits in Dependencies, and targets the prognosis of software vulnerabilities via security exploits in third-party libraries. The code controlled by developers, e.g. to add security patches, is a small fraction of the whole codebase that supports any software project today. Most lines of code reside in external dependencies whose security vulnerabilities pose threats to the entire project. This can be mitigated via strategic update policies. However, measuring the risks to find optimal policies constitutes a tremendous prognosis problem, to find the needle of offending lines that hide in a haystack of third-party libraries. ProSVED proposes a novel rare-event approach to the challenge, to estimate the most promising update policies in order to reduce the security risks inherited from external code. Working with experts from the University of Trento, ProSVED will thus push the frontiers of software security analysis, taking it beyond its classical empirical approach, and into the horizon of formal risk modelling for prediction and mitigation.
ver más
Duración del proyecto: 23 meses
Fecha Inicio: 2022-06-21
Fecha Fin: 2024-06-20
Fecha Fin: 2024-06-20
Línea de financiación: concedida
El organismo HORIZON EUROPE notifico la concesión del proyecto el día 2024-06-20
Línea de financiación objetivo
El proyecto se financió a través de la siguiente ayuda:
HORIZON-MSCA-2021-PF-01-01:
MSCA Postdoctoral Fellowships 2021
Cerrada
hace 3 años
Líder del proyecto
UNIVERSITA DEGLI STUDI DI TRENTO
No se ha especificado una descripción o un objeto social para esta compañía.
Perfil tecnológico
TRL
4-5
Perfil tecnológico
TRL
4-5