Visible to the public Automating Threat Intelligence for SDL

TitleAutomating Threat Intelligence for SDL
Publication TypeConference Paper
Year of Publication2018
AuthorsKannavara, R., Vangore, J., Roberts, W., Lindholm, M., Shrivastav, P.
Conference Name2018 IEEE Cybersecurity Development (SecDev)
Date Publishedsep
KeywordsAutomated Secure Software Engineering, composability, Conferences, data mining, Databases, enterprise information technology infrastructure, Feeds, IT infrastructure, Malware, open source threat information sources mining, product deployment, Product design, product development, product security, product specific threat indicators, pubcrawl, Resiliency, SDL, security, security community, security development lifecycle, security of data, software engineering, Stakeholders, tactical threat intelligence, threat intelligence, vulnerability disclosure
AbstractThreat intelligence is very important in order to execute a well-informed Security Development Lifecycle (SDL). Although there are many readily available solutions supporting tactical threat intelligence focusing on enterprise Information Technology (IT) infrastructure, the lack of threat intelligence solutions focusing on SDL is a known gap which is acknowledged by the security community. To address this shortcoming, we present a solution to automate the process of mining open source threat information sources to deliver product specific threat indicators designed to strategically inform the SDL while continuously monitoring for disclosures of relevant potential vulnerabilities during product design, development, and beyond deployment.
Citation Keykannavara_automating_2018