GOALS

The specific technical objectives of the project, and the corresponding measurable expected results for verifying them, are:

1. The development of an automated Verification and Validation (V&V) toolkit, named VM4SEC, for security-sensitive software applications, which will support the implementation of security interventions within the software product lifecycle. The VM4SEC toolkit will allow software developers to focus only on the security aspects of the produced software projects, thereby minimizing the redundant work associated with V&V processes that are performed after the software implementation phase is completed, and emphasizing the implementation of security requirements in the various stages of the Software Development Life Cycle (SDLC), especially the code development stage.

2. The creation of an Open Source Knowledge Base. It involves collecting data from existing software repositories to create a knowledge base that will contain security-critical software projects along with a list of vulnerabilities they are known to contain.

3. The development of an innovative hierarchical Security Assessment Model. It will enable fully automated and reliable security assessment of software products, based on the previously constructed knowledge base.

4. The development of a cost-effective, high-accuracy vulnerability prediction model to increase the quality of software vulnerability prediction. By developing advanced machine learning techniques based on the raw data collected in the open knowledge base, a prediction model and corresponding recommendation engine will be implemented to more accurately detect security-critical software components.

5. The installation, implementation and evaluation of the proposed VM4SEC toolkit in a real operational environment with security-critical commercial software applications. In collaboration with software development company Onelity, the implemented toolkit will be evaluated to verify and validate its commercial application.