On Building a Vulnerability Dataset with Static Information from the Source Code
Title | On Building a Vulnerability Dataset with Static Information from the Source Code |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Pereira, José D'Abruzzo, Antunes, João Henggeler, Vieira, Marco |
Conference Name | 2021 10th Latin-American Symposium on Dependable Computing (LADC) |
Keywords | codes, composability, compositionality, Data Breach, Databases, Human Behavior, Industries, machine learning, Metrics, pubcrawl, Resiliency, software metrics, software security, static analysis, static code analysis, vulnerability detection |
Abstract | Software vulnerabilities are weaknesses in software systems that can have serious consequences when exploited. Examples of side effects include unauthorized authentication, data breaches, and financial losses. Due to the nature of the software industry, companies are increasingly pressured to deploy software as quickly as possible, leading to a large number of undetected software vulnerabilities. Static code analysis, with the support of Static Analysis Tools (SATs), can generate security alerts that highlight potential vulnerabilities in an application's source code. Software Metrics (SMs) have also been used to predict software vulnerabilities, usually with the support of Machine Learning (ML) classification algorithms. Several datasets are available to support the development of improved software vulnerability detection techniques. However, they suffer from the same issues: they are either outdated or use a single type of information. In this paper, we present a methodology for collecting software vulnerabilities from known vulnerability databases and enhancing them with static information (namely SAT alerts and SMs). The proposed methodology aims to define a mechanism capable of more easily updating the collected data. |
DOI | 10.1109/LADC53747.2021.9672589 |
Citation Key | pereira_building_2021 |