imec-DistriNet, KU Leuven (Belgium)
What is a security vulnerability?
Avoiding security vulnerabilities is at the core of secure software engineering. Nevertheless, a precise definition of what exactly constitutes a vulnerability is still missing. Besides the mere terminological confusion that is caused by this, it also leads to practical problems, for example when vulnerability counts are used to measure the security of a software program.
We propose a new, precise and generally applicable definition of a security vulnerability. Our definition depends on a `more secure than’ relationship between software programs, which we therefore also define. We discuss the properties and practical implications of our definitions, relate them to techniques such as model checking and fuzzing, and discuss their implications on measuring the security of a system and prioritizing countermeasures.
Koen Yskout is a research manager at the DistriNet research group of KU Leuven (Belgium), where he obtained his PhD in 2013.
His research themes include secure software engineering in the early development phases (e.g., threat modeling, security by design, model-driven security), with particular attention to the methodologies, processes, models, notations and formalisms that can be used.