Paderborn University researchers partner with SAP
New research project to prevent vulnerabilities in open-source software

10.03.2022  |  Research

A contribution from Press release


Freely available computer programs that every user can download, use, modify, and distribute are known as “open-source software”. The idea is that the collective knowledge of as many people as possible will constantly optimize the programs and help further develop them. They can be accessed in online databases. Nowadays, developers also often use the databases to source individual software modules that they need for a new application, rather than developing them themselves from scratch. For instance, they could use a fully programmed module for their payment processes in an online shop. The problem? Because of the dynamic nature of freely available content, vulnerabilities are constantly popping up in the downloaded modules. Just recently, a security gap in a widely used open-source software program allowed users with criminal intent to insert harmful instructions into the program. If the affected companies had not responded quickly, criminals would have been able to access the servers of internet giants like Apple and Amazon. In order to minimize this risk, researchers from the Department of Computer Science and the Heinz Nixdorf Institute at Paderborn University collaborated on a research project with software company SAP SE. The goal is to develop tools that can identify and eliminate potential vulnerabilities in open-source applications, even with previously inadequate information. The project was launched in September and will run for three years. It is receiving just under 500,000 euros in funding from the German Research Foundation (DFG).

Identifying potential risks even without the source code

The transfer project builds on the work of Collaborative Research Center 901, “On-The-Fly Computing,” in which researchers from Paderborn University have been working since 2011 to automatically configure and provide customized IT services. Now the computer scientists are hoping to transfer techniques from quality control for services to the field of open-source software. “There are already tools that can identify vulnerabilities in open-source software, but only if the source code is available. The source code is written in a programming language that can be read by humans. It must first be translated into machine code by certain programs in order to give the computer the individual instructions,” explains Stefan Schott, a research associate in the “Software Engineering” specialist group led by Prof. Dr. Eric Bodden. Since open-source software is used and further developed in a collaborative way, its exact source code is often not immediately available. When different developers modify it and then translate it to machine code, the human-readable code is lost. Without this information, says Schott, it is not currently possible to identify the origin of the weak points. “The objective of our work is to develop a process chain that allows people to identify, evaluate, and eliminate vulnerabilities in open-source software even without the source code,” says Schott. In addition, the researchers want to explore measures that will minimize weak points and also be effective against as-yet-unknown risks.

A focus on industrial practice

The partnership with SAP SE will foreground the practical use of these newly developed technologies. “The many years of experience and outstanding achievements of Professor Bodden and the ‘Secure Software Engineering’ specialist group in terms of software security create outstanding conditions for the project to be a success,” says Volkmar Lotz, Head of SAP Security Research, with optimism. “We have the right partner on our side, so we can test the effectiveness of our research results in a real-life environment. That is especially important in this project,” concludes Schott.

Contact

Stefan Schott

Secure Software Engineering / Heinz Nixdorf Institut

Phone: +49 5251 60-6568