Chapter 8

Analyzing Security Data

Andrew Meneely, Department of Software Engineering, Rochester Institute of Technology, Rochester, NY, USA

Abstract

Security is a challenging and strange property of software. Security is not about understanding how a customer might use the system; security is about ensuring that an attacker cannot abuse the system. Instead of defining what the system should do, security is about ensuring that the system does not do something malicious. As a result, applying traditional software analytics to security leads to some unique challenges and caveats. In this chapter, we will discuss four “gotchas” of analyzing security data, along with vulnerabilities and severity scoring. We will describe a method commonly used ...

Get The Art and Science of Analyzing Software Data now with the O’Reilly learning platform.
