Is Newer Always Better?: The Case of Vulnerability Prediction Models
| Field | Value |
|---|---|
| Title | Is Newer Always Better?: The Case of Vulnerability Prediction Models |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Hovsepyan, Aram; Scandariato, Riccardo; Joosen, Wouter |
| Conference Name | Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4427-2 |
| Keywords | composability, prediction models, pubcrawl, Scalability, security vulnerabilities, software assurance |
| Abstract | Finding security vulnerabilities in the source code as early as possible is becoming more and more essential. In this respect, vulnerability prediction models have the potential to help the security assurance activities by identifying code locations that deserve the most attention. In this paper, we investigate whether prediction models behave like milk (i.e., they turn with time) or wine (i.e., they improve with time) when used to predict future vulnerabilities. Our findings indicate that the recall values are largely in favor of predictors based on older versions. However, the better recall comes at the price of much higher file inspection ratio values. |
| URL | http://doi.acm.org/10.1145/2961111.2962612 |
| DOI | 10.1145/2961111.2962612 |
| Citation Key | hovsepyan_is_2016 |