Aggregating Industrial Security Findings with Semantic Similarity-Based Techniques

Markus Voggenreiter, Phillip Schneider, Abdullah Gulraiz

Publication: Chapter in book/report/conference proceedings (peer-reviewed)

Abstract

In recent years, the unification of software development and operations teams has become a common trend in the industrial software development lifecycle. Affecting various aspects of software development, security activities are an essential field of application for these DevOps principles. A common practice arising from this trend is the automation of security tests that analyze the software product from multiple perspectives. Among other things, this introduces the challenge of duplicate security findings being reported. To identify and eliminate these duplicates, security professionals have to invest time, effort, and domain expertise. In this article, we present our previous research on automating this aggregation process through semantic similarity-based clustering and extend it by applying it to three different industrial projects. Our results show the potential of latent semantic indexing (LSI) for the aggregation of industrial security findings from automated security testing.

Original language: English
Title: Signals and Communication Technology
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 121-139
Number of pages: 19
DOIs
Publication status: Published - 2024

Publication series

Name: Signals and Communication Technology
Volume: Part F2085
ISSN (Print): 1860-4862
ISSN (electronic): 1860-4870
