Biblio
SECOM: Towards a convention for security commit messages. 2022 IEEE/ACM 19th International Conference on Mining Software Repositories (MSR), pp. 764-765. 2022.
One way to detect and assess software vulnerabilities is by extracting security-related information from commit messages. Automating the detection and assessment of vulnerabilities upon security commit messages is still challenging due to the lack of structured and clear messages. We created a convention, called SECOM, for security commit messages that structure and include bits of security-related information that are essential for detecting and assessing vulnerabilities for both humans and tools. The full convention and details are available here: https://tqrg.github.io/secom/.