University of Twente Student Theses
Automation of software vulnerability monitoring for third party products in large IT companies
Kolev, Stiliyan (2019) Automation of software vulnerability monitoring for third party products in large IT companies.
Full text not available from this repository.
| Full Text Status: | Access to this publication is restricted |
| Abstract: | This thesis was done for the Product Security Incident Response Team (PSIRT) of a large IT company. The team provides a centralized vulnerability management service internally for all of the company’s products. Many software vulnerabilities are disclosed every day and their timely and accurate evaluation and processing is of great importance for mitigating cyber threats. To deal with that, the company has identified the benefits of automation in following various vulnerability sources and subsequently vulnerability alert creation. When the study began, the PSIRT was already using scripts written in Python to automate some of the repetitive tasks. However, the scripts were with limited scope and still required significant manual interaction. There are two main goals of the thesis. First, opportunities for further automation in the generation of vulnerability alerts were identified and analysed. Suitability of commercial vulnerability feeds was also evaluated as part of the study. Second, new scripts were written, tested and deployed for some of the tasks that were subject to automation. Various challenges such as trustworthiness of sources of vulnerability information, naming inconsistencies of third party products (3PP) and considerations regarding programmatically parsing security advisories are discussed in detail. The target audience of this thesis are PSIRTs but other organizational units tasked with product security may benefit as well. |
| Item Type: | Essay (Master) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science MSc (60300) |
| Link to this item: | https://purl.utwente.nl/essays/79711 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page