[PDF][PDF] The common configuration scoring system (ccss): Metrics for software security configuration vulnerabilities
K Scarfone, P Mell - NIST interagency report, 2010 - csrc.nist.rip
Abstract The Common Configuration Scoring System (CCSS) is a set of measures of the
severity of software security configuration issues. CCSS is derived from CVSS, which was …
severity of software security configuration issues. CCSS is derived from CVSS, which was …
An empirical study on configuration-related issues: Investigating undeclared and unused identifiers
The variability of configurable systems may lead to configuration-related issues (ie, faults
and warnings) that appear only when we select certain configuration options. Previous …
and warnings) that appear only when we select certain configuration options. Previous …
Continuous benchmarking: Using system benchmarking in build pipelines
Continuous integration and deployment are established paradigms in modern software
engineering. Both intend to ensure the quality of software products and to automate the …
engineering. Both intend to ensure the quality of software products and to automate the …
An architectural pattern language of cloud-based applications
The properties of clouds--elasticity, pay-per-use, and standardization of the runtime
infrastructure--enable cloud providers and users alike to benefit from economies of scale …
infrastructure--enable cloud providers and users alike to benefit from economies of scale …
Zephyrus2: on the fly deployment optimization using SMT and CP technologies
Modern cloud applications consist of software components deployed on multiple virtual
machines. Deploying such applications is error prone and requires detailed system …
machines. Deploying such applications is error prone and requires detailed system …
Experience report: Anomaly detection of cloud application operations using log and cloud metric correlation analysis
Failure of application operations is one of the main causes of system-wide outages in cloud
environments. This particularly applies to DevOps operations, such as backup …
environments. This particularly applies to DevOps operations, such as backup …
Asserting reliable convergence for configuration management scripts
The rise of elastically scaling applications that frequently deploy new machines has led to
the adoption of DevOps practices across the cloud engineering stack. So-called …
the adoption of DevOps practices across the cloud engineering stack. So-called …
Towards understanding third-party library dependency in c/c++ ecosystem
Third-party libraries (TPLs) are frequently reused in software to reduce development cost
and the time to market. However, external library dependencies may introduce …
and the time to market. However, external library dependencies may introduce …
On debugging the performance of configurable software systems: Developer needs and tailored tool support
Determining whether a configurable software system has a performance bug or it was
misconfigured is often challenging. While there are numerous debugging techniques that …
misconfigured is often challenging. While there are numerous debugging techniques that …
Do the dependency conflicts in my project matter?
Intensive dependencies of a Java project on third-party libraries can easily lead to the
presence of multiple library or class versions on its classpath. When this happens, JVM will …
presence of multiple library or class versions on its classpath. When this happens, JVM will …