Data Collection Tool
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
Describe the innovation content of the result:
The Data Collection Tool (DCT) will provide datasets gathered from BIECO’s pilots and public data sources.
Who will be the customer?
Companies using ICT systems.
What benefit will it bring to the customers?
The developed DCT is a platform aimed at collecting, maintaining, and disseminating information about discovered computer security vulnerabilities.
When is the expected date of achievement in the project (Mth/yr)?
When is the time to market (Mth/yr)?
What are the costs to be incurred after the project and before exploitation?
DCT is usable at this moment and can be used as it is in a safe environment. Industrialization of the product in terms of orchestration requires the integration in the BIECO Platform.
What is the approximate price range of this result/price of licences?
The usage of the product is free of charge.
What are the market size in Millions € for this result and relevant trend?
N/A (see below).
How will this result rank against competing products in terms of price/performance?
In terms of price: DCT is released as free of charge usage, so it does not have any impact on costs.
In terms of performance: This tool integrates several types of data, so there is an impact for those who use this tool, as there is no need to use different sources.
Who are the competitors for this result?
Sonatype REST API, OpenCVE.
How fast and in what ways will the competition respond to this result?
Unknown at the moment.
Who are the partners involved in the result?
UTC, GRAD, UMU and HS.
Who are the industrial partners interested in the result (partners, sponsors, etc.)?
Unknown at the moment.
Have you protected or will you protect this result? How? When?
DCT has been presented at ICTSS 2021, PROINVENT 2021, and we are planning to prepare a contribution for a journal article by the end of the project.
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.