“Characterizing Buffer Overflow Vulnerabilities in Large C/C++ Projects” is one of the newest papers published by AIDA in IEEE Access.
José D’Abruzzo Pereira, Naghmeh Ivaki and Marco Vieira authored one of the newest papers under the scope of AIDA’s project. The paper, which focuses on security vulnerabilities in software systems, was peer-reviewed, accepted for publication, and published in IEEE Access.
This study highlights that most buffer overflow vulnerabilities are not detectable by vulnerability detection tools, and that there is a need for a better understanding of such vulnerabilities and their main causes in large C/C++ projects. According to the researchers, the paper analyzes 159 vulnerable code units from different projects with a large codebase and then characterizes “the vulnerable and neutral versions of each code unit using software metrics”. As a result, the paper brings forward a set of observations that ought to be considered to improve the detection of buffer overflow vulnerabilities.
IEEE Access is a multidisciplinary journal that presents the results of research or development in different areas. IEEE Access welcomed AIDA’s new paper on the 15th of October.
Read the full paper here.