Automated risk identification using NLP in cloud based development environments

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

In typical software development practice, risk assessment is not done in an integrated manner along with the SDLC. Mostly, risk assessment is a reactive process carried out either during deployment or during the evaluation of software for business. Humans are involved in the risk assessment process, which is time consuming, error prone and expensive. The risks identified are also not immediately communicated to the various people in the software development value chain. This causes churn in finding or alleviating risks in the future. In a typical SDLC, risks may be introduced while coding; they may be evident and may take different shapes as different versions of the software are released over a period of time. The security aspects of the software solution depend on the code, which needs to be tracked on a continuous basis to monitor changes and their related risks; without this, vulnerability and weakness identification will be reactive. It is always essential to identify risks based on the experience of others, which is where risk assessment frameworks are handy, along with vulnerability and weakness databases such as common weakness enumeration, common vulnerability enumeration and Exploit DB. In this paper, NLP is implemented using deep learning techniques. This paper addresses the need for automated risk assessment with the help of NLP to automatically identify risks through the analysis of weaknesses and vulnerabilities.

Author information

Corresponding author

Correspondence to K. Vijayakumar.

About this article

Cite this article

Vijayakumar, K., Arun, C. Automated risk identification using NLP in cloud based development environments. J Ambient Intell Human Comput (2017). https://doi.org/10.1007/s12652-017-0503-7

  • DOI: https://doi.org/10.1007/s12652-017-0503-7
