SHIELDS · Detecting known security vulnerabilities from within design and development tools

Software systems continue to be crippled by security vulnerabilities. One of the reasons for this is that information on known vulnerabilities is not easily available to software developers, or integrated into the tools they use.<br/> The main objective of SHIELDS is to increase software security by bridging the gap between security experts and software practitioners and by providing the software developers with the means to effectively prevent occurrences of known vulnerabilities when building software.<br/> We will achieve this objective by developing novel formalisms for representing security information, such as known vulnerabilities, in a form directly usable by development tools, and accessible to software developers. This information will be stored in an internet-based Security Vulnerabilities Repository Service (SVRS) that facilitates fast dissemination of vulnerability information from security experts to software developers. We will also present a new breed of security methods and tools (some open source, some commercial) that are constantly kept up-to-date by using the information stored in the SVRS.<br/> In addition to the SVRS, and new security tools, we will create a SHIELDS Compliant certification for tools and a SHIELDS Verified logo program for software developers that will offer an affordable and yet technically effective evaluation and certification method in the fight against common security vulnerabilities. Commercial exploitation will be through these programs, the tools, and through subscriptions to the repository (parts will be free).<br/> The consortium consists of two universities and three major research institutes, with complementary leading expertise in the technical areas of the project, one large software developer, and two SMEs that specialise in security consulting, security evaluations and development of secure software.<br/> The project duration will be 30 months, with an overall budget of 4.9M euro and requested grant of 3.6 M euro