Thumbnail

VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure

F. L. Dennig, E. Cakmak, H. Plate, D. A. Keim

Proceedings of the 18th IEEE Symposium on Visualization for Cyber Security (VizSec), DOI:10.1109/VizSec53666.2021.00014, 2021
Software Security Visualization Application Security Open-Source Vulnerability Exposure Analysis Software Auditing
Abstract

The prevalent usage of open-source software (OSS) has led to an increased interest in resolving potential third-party security risks by fixing common vulnerabilities and exposures (CVEs). However, even with automated code analysis tools in place, security analysts often lack the means to obtain an overview of vulnerable OSS reuse in large software organizations. In this design study, we propose VulnEx (Vulnerability Explorer), a tool to audit entire software development organizations. We introduce three complementary table-based representations to identify and assess vulnerability exposures due to OSS, which we designed in collaboration with security analysts. The presented tool allows examining problematic projects and applications (repositories), third-party libraries, and vulnerabilities across a software organization. We show the applicability of our tool through a use case and preliminary expert feedback.

Materials
PNG
PNG
PNG
PNG
PNG
Related Publication
thumbnail
F. L. Dennig, M. Miller, D. A. Keim, M. El-Assady
FS/DS: A Theoretical Framework for the Dual Analysis of Feature Space and Data Space
IEEE Transactions on Visualization and Computer Graphics, 2023
thumbnail
F. L. Dennig, M. T. Fischer, M. Blumenschein, J. Fuchs D. A. Keim E. Dimara
ParSetgnostics: Quality Metrics for Parallel Sets
Computer Graphics Forum, 2021
thumbnail
F. L. Dennig, T. Polk, Z. Lin, T. Schreck H. Pfister M. Behrisch
FDive: Learning Relevance Models using Pattern-based Similarity Measures
Proceedings of IEEE Conference on Visual Analytics Science and Technology (VAST), 2019
Title