VM4SEC - Vulnerability eliMination toolkit for SECure software development

VM4SEC: Vulnerability Management Toolkit for Developing Secure Software Systems

A key objective of the VM4SEC project is to reduce the time and corresponding human effort required by the software Verification and Validation (V&V) process, which is commonly recognized as difficult, time-consuming and error-prone, focusing in particular on security-sensitive software projects, through the creation and provision of appropriate tools. The purpose of the tools that will be produced as a result of VM4SEC is to leverage the data provided by widely used V&V techniques (e.g. static analysis) in order to support: (a) the security assessment of software products under development and (b) the early detection of potentially vulnerable parts. The generated information will be presented to the user through appropriate visualization techniques, in order to support decision-making during the software development life cycle. More specifically, the project will develop a new hierarchical Security Assessment Model to identify vulnerabilities and effectively facilitate decision-making tasks during secure software development. It will also provide a vulnerability prediction model, as well as a recommendation engine, to predict software vulnerabilities, aiming at (a) avoiding their introduction into the system, and thus improving the quality (with respect to security) of the software product under development, and (b) ensuring compliance with the initially prescribed security requirements. Through its collaborating agencies, as part of its work, the project will evaluate the proposed tool in a real operational environment, in order to verify the possibilities for its commercial exploitation.

The VM4SEC project aspires to introduce an innovative methodology for vulnerability detection in software projects, together with the corresponding support tools, that allows the fusion of security requirements into the code development process (reducing software maintenance time), in order to effectively increase the productivity of development of security-sensitive software applications. The vision of the project is for the VM4SEC toolkit to be an innovative solution, widely accepted by the software development industry, for the efficient (in cost and time) development of security-sensitive software products, and also to form a reliable basis for future research efforts in the field of software security.