Logo Logo
Hilfe
Hilfe
Switch Language to English

Voggenreiter, Markus und Schöpp, Ulrich (2022): Using a semantic knowledge base to improve the management of security reports in industrial DevOps projects. ICSE '22: 44th International Conference on Software Engineering, Pittsburgh, Pennsylvania, May 21 - 29, 2022. In: Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice, New York: Association for Computing Machinery. S. 309-310

Volltext auf 'Open Access LMU' nicht verfügbar.

Abstract

Integrating security activities into the software development life-cycle to detect security flaws is essential for any project. These activities produce reports that must be managed and looped back to project stakeholders like developers to enable security improvements. This so-called Feedback Loop is a crucial part of any project and is required by various industrial security standards and models.

However, the operation of this loop presents a variety of challenges. These challenges range from ensuring that feedback data is of sufficient quality over providing different stakeholders with the information they need to the enormous effort to manage the reports. In this paper, we propose a novel approach for treating findings from security activity reports as belief in a Knowledge Base (KB). By utilizing continuous logical inferences, we derive information necessary for practitioners and address existing challenges in the industry. This approach is currently evaluated in industrial DevOps projects, using data from continuous security testing.

Dokument bearbeiten Dokument bearbeiten