Title | SECOM: Towards a convention for security commit messages |
Publication Type | Conference Paper |
Year of Publication | 2022 |
Authors | Reis, Sofia; Abreu, Rui; Erdogmus, Hakan; Păsăreanu, Corina |
Conference Name | 2022 IEEE/ACM 19th International Conference on Mining Software Repositories (MSR) |
Keywords | best practices, composability, convention, data mining, IDS, pubcrawl, resilience, Resiliency, security, security commit messages, Software, Standard |
Abstract | One way to detect and assess software vulnerabilities is by extracting security-related information from commit messages. Automating the detection and assessment of vulnerabilities upon security commit messages is still challenging due to the lack of structured and clear messages. We created a convention, called SECOM, for security commit messages that structure and include bits of security-related information that are essential for detecting and assessing vulnerabilities for both humans and tools. The full convention and details are available here: https://tqrg.github.io/secom/. |
DOI | 10.1145/3524842.3528513 |
Citation Key | reis_secom_2022 |