Skip to main content
Go to the home page of the European Commission (opens in new window)
English English
CORDIS - EU research results
CORDIS

Projection of Security Vulnerabilities caused by Exploits in Dependencies

Project description

Rare-event approach revolutionising software security

Data protection is increasingly important today, as more companies develop software using open source code, leading to many dependencies and third-party components (like external libraries and apps). These involve pieces of software, chunks of data, or commands sequences that can take advantage of a bug or vulnerability. Amounts of third-party code in software are too high to be effectively mitigated through updating policies. The EU-funded ProSVED project will revolutionise the prediction of the security of vulnerabilities caused by exploits in dependencies thanks to a unique rare-event sampling approach. It will enable effective update strategies and decrease security risks arising from external resources while leveraging software security to the highest levels.

Objective

ProSVED stands for Projection of Security Vulnerabilities caused by Exploits in Dependencies, and targets the prognosis of software vulnerabilities via security exploits in third-party libraries. The code controlled by developers, e.g. to add security patches, is a small fraction of the whole codebase that supports any software project today. Most lines of code reside in external dependencies whose security vulnerabilities pose threats to the entire project. This can be mitigated via strategic update policies. However, measuring the risks to find optimal policies constitutes a tremendous prognosis problem, to find the needle of offending lines that hide in a haystack of third-party libraries. ProSVED proposes a novel rare-event approach to the challenge, to estimate the most promising update policies in order to reduce the security risks inherited from external code. Working with experts from the University of Trento, ProSVED will thus push the frontiers of software security analysis, taking it beyond its classical empirical approach, and into the horizon of formal risk modelling for prediction and mitigation.

Fields of science (EuroSciVoc)

CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.

You need to log in or register to use this function

Keywords

Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)

Programme(s)

Multi-annual funding programmes that define the EU’s priorities for research and innovation.

Topic(s)

Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.

Funding Scheme

Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.

HORIZON-TMA-MSCA-PF-EF - HORIZON TMA MSCA Postdoctoral Fellowships - European Fellowships

See all projects funded under this funding scheme

Call for proposal

Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.

(opens in new window) HORIZON-MSCA-2021-PF-01

See all projects funded under this call

Coordinator

UNIVERSITA DEGLI STUDI DI TRENTO
Net EU contribution

Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.

€ 172 750,08
Address
VIA CALEPINA 14
38122 Trento
Italy

See on map

Region
Nord-Est Provincia Autonoma di Trento Trento
Activity type
Higher or Secondary Education Establishments
Links
Total cost

The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.

No data
My booklet 0 0