Visible to the public On Building a Vulnerability Dataset with Static Information from the Source Code

TitleOn Building a Vulnerability Dataset with Static Information from the Source Code
Publication TypeConference Paper
Year of Publication2021
AuthorsPereira, José D'Abruzzo, Antunes, João Henggeler, Vieira, Marco
Conference Name2021 10th Latin-American Symposium on Dependable Computing (LADC)
Keywordscodes, composability, compositionality, Data Breach, Databases, Human Behavior, Industries, machine learning, Metrics, pubcrawl, Resiliency, software metrics, software security, static analysis, static code analysis, vulnerability detection
Abstract

Software vulnerabilities are weaknesses in software systems that can have serious consequences when exploited. Examples of side effects include unauthorized authentication, data breaches, and financial losses. Due to the nature of the software industry, companies are increasingly pressured to deploy software as quickly as possible, leading to a large number of undetected software vulnerabilities. Static code analysis, with the support of Static Analysis Tools (SATs), can generate security alerts that highlight potential vulnerabilities in an application's source code. Software Metrics (SMs) have also been used to predict software vulnerabilities, usually with the support of Machine Learning (ML) classification algorithms. Several datasets are available to support the development of improved software vulnerability detection techniques. However, they suffer from the same issues: they are either outdated or use a single type of information. In this paper, we present a methodology for collecting software vulnerabilities from known vulnerability databases and enhancing them with static information (namely SAT alerts and SMs). The proposed methodology aims to define a mechanism capable of more easily updating the collected data.

DOI10.1109/LADC53747.2021.9672589
Citation Keypereira_building_2021