Keywords: software security; software vulnerabilities; information security
Abstract: There is an entire ecosystem of tools, techniques, and processes designed to improve software security by preventing, finding, mitigating, and/or eliminating software vulnerabilities. Software vendors have this entire ecosystem to choose from during each phase of the software development lifecycle, which begins when someone identifies a software need, ends when the software vendor decides to halt support for the software, and includes everything in between. Unfortunately, guidance regarding which of these tools to choose is often non-existent or based solely on anecdotal evidence. In this dissertation, we present three studies to demonstrate that empirical studies can be used to enhance our understanding of the effectiveness of various tools and techniques intended to improve software security.