TECHNOLOGY OF IDENTIFICATION AND CLASSIFICATION OF SOFTWARE FAILURES AND VULNERABILITIES
DOI:
https://doi.org/10.31891/2219-9365-2023-73-1-8Keywords:
software failure, software vulnerability, identification of failures and vulnerabilities, classification of failures and vulnerabilitiesAbstract
All major software security approaches are aimed at preventing total software failure, but not at identifying software failures and vulnerabilities. The success of software security approaches is only possible due to the identification and reduction of the number of errors, therefore, the identification of software failures and vulnerabilities is an urgent task at the moment.
A review of the literature on known methods and technologies for detecting software failures and vulnerabilities showed that, although the analyzed methods and technologies have great potential for the field of software engineering, none of the known solutions are designed to identify and classify software failures and vulnerabilities according to with failure classification rules and vulnerability classification rules. Therefore, it is necessary to design and implement the technology of identification and classification of software failures and vulnerabilities based on the rules of classification of software failures and vulnerabilities, which is the purpose of this study.
The article develops questionnaires for collecting information about failure(s) and vulnerability(s), as well as developed rules for classification of failures based on the analysis of answers to questionnaire questions for collecting information about failure(s) and classification of vulnerabilities based on the analysis of answers to questionnaire questions to collect information about the vulnerability(s). The developed rules make it possible to identify and classify failure(s) and vulnerability(s) that occurred during the software's operation.
The article develops a technology of identification and classification of software failures and vulnerabilities, which provides a conclusion on the presence or absence of software failure(s); conclusion on the presence or absence of software vulnerability(s); conclusion about the type of failure and the type of vulnerability in case of their presence, thanks to which the proposed technology is useful for software users due to the identification and classification of failures and vulnerabilities.
