Vulnerability Propagation Tool
Vulnerability Propagation Tool will calculate and offer the paths affected by a vulnerability in the source code.
Describe the innovation content of the result:
Allows the developers or security experts to know how vulnerabilities propagate through the application using a standard CFG (Control Flow Graph) to represent the code logic.
Who will be the customer?
Software developers or security experts that already have located a vulnerable function, line or lines of source code.
What benefit will it bring to the customers?
Be able to track how a vulnerability propagates across their application or component. This allows the customer to find the paths an attacker could exploit and take measures to limit or erase the risk.
When is the expected date of achievement in the project (Mth/yr)?
When is the time to market (Mth/yr)?
What are the costs to be incurred after the project and before exploitation?
What is the approximate price range of this result/price of licences?
What are the market size in Millions € for this result and relevant trend?
How will this result rank against competing products in terms of price/performance?
To be determined
Who are the competitors for this result?
Checkmarxk, Micro Focus, Veracode, Synopsys
How fast and in what ways will the competition respond to this result?
To be determined
Who are the partners involved in the result?
Who are the industrial partners interested in the result (partners, sponsors, etc.)?
Have you protected or will you protect this result? How? When?
IP rights for source code are reserved. The source code will not be publicly available
BIECO Integrated Platform will integrate the tools in a loosely coupled way.
Data Collection Tool (DCT) stores information from relevant vulnerability related datasets, providing a single access point to information required by the vulnerability detection and forecasting tools developed in T3.3, as well as for the failure prediction tools developed in T4.2.
Vulnerability Detection Tool will detect existing vulnerabilities within the source code which may lead to the successful execution of an attack.
Vulnerability Exploitability Forecasting Tool will estimate the probability of a vulnerability to be exploited in the next 3, 6 or 12 months.
Fuzzing Tool will test System Under Test (SUT) security vulnerabilities or inputs not contemplated that could compromise the system; as a black-box process, by using unintended or incorrect inputs and monitoring their corresponding outputs.
This exploitation result consists in cybersecurity consultancy services supported by ResilBlockly (former Blockly4SoS), a Model-Driven Engineering tool that has been developed in the context of BIECO.