Vulnerability Propagation Tool
Coordinated by
Gradiant
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Description
Describe the innovation content of the result:
Allows the developers or security experts to know how vulnerabilities propagate through the application using a standard CFG (Control Flow Graph) to represent the code logic.
Who will be the customer?
Software developers or security experts that already have located a vulnerable function, line or lines of source code.
What benefit will it bring to the customers?
Be able to track how a vulnerability propagates across their application or component. This allows the customer to find the paths an attacker could exploit and take measures to limit or erase the risk.
When is the expected date of achievement in the project (Mth/yr)?
February 2023
When is the time to market (Mth/yr)?
2-3 years
What are the costs to be incurred after the project and before exploitation?
1-2 M€
What is the approximate price range of this result/price of licences?
~1.000€
What are the market size in Millions € for this result and relevant trend?
2.500 M€
How will this result rank against competing products in terms of price/performance?
To be determined
Who are the competitors for this result?
Checkmarxk, Micro Focus, Veracode, Synopsys
How fast and in what ways will the competition respond to this result?
To be determined
Who are the partners involved in the result?
N/A
Who are the industrial partners interested in the result (partners, sponsors, etc.)?
N/A
Have you protected or will you protect this result? How? When?
IP rights for source code are reserved. The source code will not be publicly available
Other results
Vulnerabilities Forecasting Tool
The Vulnerabilities Forecasting Tool (VFT) provides historical vulnerability data and projections for time intervals of 1, 2, 3, 6, and 12 months for several major software components.
Failure Prediction Tool
The Failure Prediction Tool (FPT) performs failure predictions by monitoring the logs of the applications that make up a system. It has a REST interface through which it receives in real time the log messages from the monitored applications.
safeTbox
The pre-existing tool safeTbox (www.safetbox.de) has been extended to support interoperation with the ResilBlockly tool for combined safety and security analysis.
Conditional Safety Certificates for ICT
Conditional Safety Certificates (ConSerts) have been applied to support resiliency of ICT infrastructures. Support for deployment and execution of ConSerts in ICT infrastructure according to use case needs was provided additionally.
SafeML based reliability assessment
In earlier work, a statistical distance-based measure (SafeML) is proposed for machine learning components. In BIECO project, we propose extension of it with the use of Statistical Distance Dissimilarity across time series to obtain SDD based reliability and robustness estimate (StadRE and StadRO).