What Are the Critical Security Flaws in My System?
Delivering secure software is a challenge that every software engineering team needs to face and solve. Methods based on static analysis can help programmers identify security risks in the software. Security checkers built using static analysis methods are a great help, but they can overload users with their findings. Today there is no security checker for Erlang that understands the severity of a found vulnerability and uses that information to prioritise the found vulnerabilities when presenting the results to the programmers.
In this paper we discuss how to prioritise vulnerabilities in Erlang programs. We propose a static analysis that determines the severity of a vulnerability. Building on top of our previous work, we extend the trust zone analyser algorithm with the proposed analysis to return prioritised results to the programmers. Our early evaluation shows that the trust zone analyser is able to identify and prioritise the most critical security flaws in an Erlang system.
Fri 27 Aug (displayed time zone: Seoul)
01:30 - 03:00
01:30 | 30m | Talk | What Are the Critical Security Flaws in My System? | Erlang | Viktória Fördős (Cisco Systems)
02:00 | 30m | Talk | The Hera Framework for Fault-Tolerant Sensor Fusion with Erlang and GRiSP on an IoT Network | Erlang | Sébastien Kalbusch (Université Catholique de Louvain), Vincent Verpoten (Université Catholique de Louvain), Peter Van Roy (Université catholique de Louvain)
02:30 | 10m | Vision and Emerging Results | Lightning Talk: The debugging tool that comes with Erlang/OTP I just learned exists after many years of using Erlang | Erlang | Peer Stritzinger (Peer Stritzinger GmbH)
02:40 | 10m | Vision and Emerging Results | More lightning talks | Erlang |