The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). We present an approach that searches the source code repository of the affected open-source project for the commits that fix a known vulnerability and ranks the candidate commits with a machine-learning (ML) model. The score attributed by the ML model to each feature is kept visible to the users, allowing them to interpret the predictions and to verify why a given commit was proposed as the fix. We evaluated our approach using a prototype implementation named Prospector on a manually curated data set that comprises 2,391 known fix commits corresponding to 1,248 public vulnerability advisories. When considering the top-10 commits in the ranked results, our implementation could successfully identify at least one fix commit for up to 84.03% of the vulnerabilities (with a fix commit in the first position for 65.06% of the vulnerabilities). In conclusion, our method reduces considerably the effort needed to search OSS repositories for the commits that fix known vulnerabilities.
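As an added example (not the paper's Prospector implementation), the following Python sketches the two ideas the abstract names: a transparent, feature-weighted ranking of candidate commits against an advisory, where each feature's contribution to the score stays visible to the user, and the top-10 / first-position evaluation used above. The feature set, the weights, the advisories and the commits are all constructed for illustration; a real system would learn the weights and extract the features from an actual repository.

```python
"""Added example, not the paper's code: interpretable ranking of candidate fix
commits for a vulnerability advisory, plus top-k evaluation on constructed data."""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass
class Advisory:
    vuln_id: str
    text: str
    published: int                      # constructed day index
    affected_files: set[str] = field(default_factory=set)


@dataclass
class Commit:
    sha: str
    message: str
    files: set[str]
    timestamp: int                      # constructed day index


TOKEN_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{3,}")
STOP = {"this", "that", "with", "from", "into", "fix", "fixes", "vulnerability"}

# Assumed weights: a learned model would supply these, but keeping them as an
# explicit table is what makes every contribution explainable to the user.
WEIGHTS = {
    "references_vuln_id": 5.0,
    "message_overlap": 3.0,
    "touches_affected_file": 4.0,
    "close_in_time": 1.0,
}


def tokens(text: str) -> set[str]:
    return {t.lower() for t in TOKEN_RE.findall(text)} - STOP


def features(adv: Advisory, commit: Commit) -> dict[str, float]:
    """Numerical feature vector describing how well a commit matches the advisory."""
    adv_tokens = tokens(adv.text)
    overlap = len(adv_tokens & tokens(commit.message)) / len(adv_tokens) if adv_tokens else 0.0
    return {
        "references_vuln_id": 1.0 if adv.vuln_id.lower() in commit.message.lower() else 0.0,
        "message_overlap": overlap,
        "touches_affected_file": 1.0 if commit.files & adv.affected_files else 0.0,
        "close_in_time": 1.0 if abs(commit.timestamp - adv.published) <= 30 else 0.0,
    }


def explain(adv: Advisory, commit: Commit) -> dict[str, float]:
    """Per-feature contribution to the final score, so a user can see why a commit ranked where it did."""
    return {name: WEIGHTS[name] * value for name, value in features(adv, commit).items()}


def rank(adv: Advisory, commits: list[Commit]) -> list[str]:
    """Candidate SHAs ordered by descending total score (ties keep input order)."""
    scored = [(sum(explain(adv, c).values()), c) for c in commits]
    scored.sort(key=lambda sc: sc[0], reverse=True)
    return [c.sha for _, c in scored]


def evaluate(results: dict[str, list[str]], truth: dict[str, set[str]], k: int = 10) -> dict[str, float]:
    """Fraction of advisories with a true fix in the top k, and with a true fix in first position."""
    top_k = first = 0
    for vid, ranked in results.items():
        if any(sha in truth[vid] for sha in ranked[:k]):
            top_k += 1
        if ranked and ranked[0] in truth[vid]:
            first += 1
    n = len(results)
    return {"top_k": top_k / n, "first": first / n}


def demo() -> tuple[dict[str, list[str]], dict[str, float]]:
    """Constructed sample: two advisories, each with one real fix among decoy commits."""
    adv1 = Advisory("CVE-0000-0001", "Path traversal in file download handler allows reading "
                    "arbitrary files via crafted filename", 1000, {"src/download.py"})
    commits1 = [
        Commit("a1", "Refactor logging", {"src/log.py"}, 995),
        Commit("b2", "Sanitize filename in download handler to prevent path traversal", {"src/download.py"}, 1003),
        Commit("c3", "Bump version", {"setup.py"}, 1100),
        Commit("d4", "Add tests for download handler", {"tests/test_download.py"}, 1005),
    ]
    adv2 = Advisory("CVE-0000-0002", "Denial of service via unbounded regex in parser", 2000, {"src/parser.py"})
    commits2 = [
        Commit("e5", "Simplify regex in parser", {"src/parser.py"}, 2050),           # the real fix, landed late
        Commit("f6", "CVE-0000-0002: update changelog", {"CHANGELOG.md"}, 2001),    # cites the ID, fixes nothing
        Commit("g7", "Fix typo in README", {"README.md"}, 2002),
    ]
    rankings = {adv1.vuln_id: rank(adv1, commits1), adv2.vuln_id: rank(adv2, commits2)}
    truth = {adv1.vuln_id: {"b2"}, adv2.vuln_id: {"e5"}}
    return rankings, evaluate(rankings, truth, k=10)


if __name__ == "__main__":
    rankings, metrics = demo()
    print(rankings, metrics)
```

On the constructed sample the first advisory is resolved at rank 1, but for the second one the changelog commit that merely cites the identifier outranks the real fix, so the top-10 rate is 1.0 while the first-position rate is 0.5. Calling explain() on that pair shows the identifier feature alone accounts for the gap, which is the kind of check the abstract's visible per-feature scores are meant to let a user perform before trusting a proposed fix.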

Author(s) : Daan Hommersom, Antonino Sabetta, Bonaventura Coppola, Damian A. Tamburri

Links : PDF - Abstract


Keywords : fix - commits - model - vulnerabilities - users
