Semantic Analysis for Identifying Security Concerns in Software Procurement Edicts

Bibliographic Details
Published in: New Generation Computing, Vol. 36, No. 1, pp. 21-40
Main Authors: Peclat, Rodrigo N.; Ramos, Guilherme N.
Format: Journal Article
Language: English
Published: Tokyo: Ohmsha, 2018 (Springer Nature B.V.)
Summary: Brazilian Federal Institutions must acquire software tools by procurement, so their software teams have to develop, verify, and audit the specifications to ensure that the edicts properly address software security risk concerns. This work presents the Automated Analyst of Edicts tool, which aids the analysis of a document by automatically identifying absent relationships between its sentences and concepts related to software security risks or weaknesses. It was compared to software security experts' performance on multi-label classification into five of the OWASP Top 10 risks. A specificity of over 80% was achieved when analyzing individual sentences for multiple risks, and a negative prediction probability (negative predictive value) of 90% was obtained when the tool was applied to specific risk–sentence relationships.
ISSN: 0288-3635; 1882-7055
DOI: 10.1007/s00354-017-0022-2
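The summary reports two figures for the tool: specificity when whole sentences are judged for multiple risks, and negative predictive value when individual risk–sentence relationships are judged. The following Python example, added here and not taken from the paper or its tool, shows how both metrics fall out of a multi-label confusion count and why they can differ for the same predictions. The five risk labels, the edict sentences, the expert labels and the tool labels are all constructed; the split into a pooled pair-level view and an any-risk sentence-level view is an assumption about the evaluation, since the record does not describe the paper's exact protocol.

```python
"""Specificity and negative predictive value (NPV) for multi-label
sentence classification. Added example; not the paper's code or data."""
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple

# Assumed label set: five stand-ins for the five OWASP Top 10 risks the
# paper evaluates (the record does not say which five).
RISKS = ("injection", "auth", "xss", "access_control", "misconfig")


class Sample(NamedTuple):
    text: str
    expert: Set[str]  # risks the expert says the sentence relates to
    tool: Set[str]    # risks the classifier assigned to the sentence


# Constructed edict sentences with constructed expert and tool labels.
SAMPLES: List[Sample] = [
    Sample("The supplier must validate and sanitize all input before it reaches a database query.",
           {"injection"}, {"injection"}),
    Sample("User accounts must be protected by a password policy and session expiration.",
           {"auth"}, {"auth", "access_control"}),
    Sample("The contract term is 12 months, renewable for equal periods.",
           set(), set()),
    Sample("Output rendered in web pages must be encoded, and parameters must not be concatenated into SQL.",
           {"xss", "injection"}, {"injection"}),
    Sample("The system must be delivered with user and administrator manuals.",
           set(), {"misconfig"}),
    Sample("Access to administrative functions must be restricted by role.",
           {"access_control"}, {"access_control"}),
    Sample("Default credentials and unused services must be disabled before deployment.",
           {"misconfig"}, set()),
    Sample("Payment will occur within 30 days of invoice acceptance.",
           set(), {"xss"}),
    Sample("The supplier must appoint a technical manager for the contract.",
           set(), set()),
    Sample("Deliverables must be accepted by the contracting unit.",
           set(), set()),
]


class Counts(NamedTuple):
    tp: int
    fp: int
    tn: int
    fn: int

    def specificity(self) -> float:
        """TN / (TN + FP): share of true negatives the tool left unflagged."""
        denom = self.tn + self.fp
        return self.tn / denom if denom else float("nan")

    def npv(self) -> float:
        """TN / (TN + FN): share of the tool's negatives that really are negative."""
        denom = self.tn + self.fn
        return self.tn / denom if denom else float("nan")


def count(pairs: Iterable[Tuple[bool, bool]]) -> Counts:
    """Tally (actual, predicted) boolean pairs into a confusion count."""
    tp = fp = tn = fn = 0
    for actual, predicted in pairs:
        if actual and predicted:
            tp += 1
        elif predicted:
            fp += 1
        elif actual:
            fn += 1
        else:
            tn += 1
    return Counts(tp, fp, tn, fn)


def per_risk(samples: List[Sample], risks=RISKS) -> Dict[str, Counts]:
    """One binary confusion count per risk label."""
    return {r: count((r in s.expert, r in s.tool) for s in samples) for r in risks}


def pair_level(samples: List[Sample], risks=RISKS) -> Counts:
    """Pool every (sentence, risk) relationship as its own binary decision."""
    return count((r in s.expert, r in s.tool) for s in samples for r in risks)


def sentence_level(samples: List[Sample]) -> Counts:
    """A sentence is positive if it relates to any risk at all."""
    return count((bool(s.expert), bool(s.tool)) for s in samples)


if __name__ == "__main__":
    for risk, c in per_risk(SAMPLES).items():
        print(f"{risk:15s} {c}  spec={c.specificity():.3f}  npv={c.npv():.3f}")
    for name, c in (("pair-level", pair_level(SAMPLES)), ("sentence-level", sentence_level(SAMPLES))):
        print(f"{name:15s} {c}  spec={c.specificity():.3f}  npv={c.npv():.3f}")
```

On the constructed data the pooled pair-level view gives specificity 41/44 and NPV 41/43, while the any-risk sentence-level view gives 0.6 and 0.75: the same three false positives and two false negatives weigh far more once the many trivially negative (sentence, risk) pairs are no longer counted, which is why it matters at which granularity a figure like "90% NPV" is reported.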