Finding a needle in a haystack: Automatic mining of silent vulnerability fixes

Finding a needle in a haystack: Automatic mining of silent vulnerability fixes

Following the coordinated vulnerability disclosure model, a vulnerability in open source software (OSS) is suggested to be fixed “silently”, without disclosing the fix until the vulnerability is disclosed. Yet, it is crucial for OSS users to be aware of vulnerability fixes as early as possible, as o...

Full description

Saved in:

Bibliographic Details
Main Authors:	ZHOU, Jiayuan, PACHECO, Michael, WAN, Zhiyuan, XIA, Xin, LO, David, WANG, Yuan, HASSAN, Ahmed E.
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2021
Subjects:	Databases and Information Systems
Online Access:	https://ink.library.smu.edu.sg/sis_research/6896 https://ink.library.smu.edu.sg/context/sis_research/article/7899/viewcontent/Finding_A_Needle_in_a_Haystack.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

CoLeFunDa: Explainable silent vulnerability fix identification
by: ZHOU, Jiayuan, et al.
Published: (2023)

Finding needles in a haystack: Leveraging co-change dependencies to recommend refactorings
by: DE OLIVEIRA, Marcos César, et al.
Published: (2019)

Entropy of a needle in a haystack
by: Fang, Y., et al.
Published: (2014)

Multi-Granularity Detector for Vulnerability Fixes
by: NGUYEN, Truong Giang, et al.
Published: (2023)

Needles in the EST haystack: Large-scale identification and analysis of excretory-secretory (ES) proteins in parasitic nematodes using expressed sequence tags (ESTs)
by: Nagaraj, S.H., et al.
Published: (2011)

An empirical study of automatic program repair techniques for injection vulnerabilities
by: ZHU, Tingwei, et al.
Published: (2024)

SGUARD: Towards fixing vulnerable smart contracts automatically
by: NGUYEN, Tai D., et al.
Published: (2021)

Silent stroke: Not listened to rather than silent
by: Saini, M., et al.
Published: (2014)

Mining sandboxes for Linux containers
by: WAN, Zhiyuan, et al.
Published: (2017)

VulCurator: a vulnerability-fixing commit detector
by: NGUYEN, Truong Giang, et al.
Published: (2022)

Automatic vulnerability detection and repair
by: MA, Siqi
Published: (2018)

Silent conversations
by: Siti Nadia Amirah Muhammad Ariff Khoo
Published: (2020)

Silent invader
by: Loh, Wei Ting
Published: (2021)

Silent Invasion
by: McCarthy, S.J.
Published: (1973)

“SILENT” ANALYSTS
by: NIKOLA ORLIC
Published: (2022)

DESIGN OF SEMI-AUTOMATIC JIG & FIXTURE FOR INJECTION NEEDLE GRINDING
by: IVANDER (NIM : 13113096), BRIAN

DESIGN OF SEMI-AUTOMATIC JIG & FIXTURE FOR INJECTION NEEDLE GRINDING
by: Ivander, Brian

Ultrasound guided automatic localization of needle insertion site for epidural anesthesia
by: Yu, S., et al.
Published: (2014)

HERMES: using commit-issue linking to detect vulnerability-fixing commits
by: NGUYEN, Truong Giang, et al.
Published: (2022)

March of the silent bots
by: GRIFFIN, Paul Robert
Published: (2018)

The Making of "Silent Wishes"
by: Tenerife, Alec Justine C.
Published: (2023)

The Making of "Silent Wishes"
by: Tenerife, Alec Justine C.
Published: (2023)

A silent storm
by: Lim, C.T, et al.
Published: (2020)

Automatic recovery of root causes from bug-fixing changes
by: THUNG, Ferdian, et al.
Published: (2013)

Automatic Recovery of Root Causes from Bug-Fixing Changes
by: Thung, Ferdian, et al.
Published: (2013)

Out of sight, out of mind: Better automatic vulnerability repair by broadening input ranges and sources
by: ZHOU, Xin, et al.
Published: (2024)

VuRLE: Automatic vulnerability detection and repair by learning from examples
by: MA SIQI,, et al.
Published: (2017)

Automatic POC generation of Android app vulnerability
by: Leow, Dexter Ze Wei
Published: (2021)

AUTOMATIC LOCALIZATION OF EPIDURAL NEEDLE ENTRY SITE WITH LUMBAR ULTRASOUND IMAGE PROCESSING
by: YU SHUANG
Published: (2015)

TOWARDS AUTOMATIC NEEDLE INSERTION POINT SELECTION FOR ULTRASOUND-GUIDED PERCUTANEOUS PROCEDURES
by: MOHAMMAD IKHSAN
Published: (2018)

Design Improvements, Manufacturing, and Automation of Semi Automatic Jig and Fixture for Needle Grinding
by: Sutowijoyo, Adi

Finding RESTful API vulnerabilities using ChatGPT
by: Ho, Kenneth Jun Minn
Published: (2024)

An effective change recommendation approach for supplementary bug fixes
by: XIA, Xin, et al.
Published: (2017)

Unheard : the silent side of sports
by: Adeena Mohamed Nagib Bajrai
Published: (2021)

Automatic PoC generation for Android app vulnerability
by: Pang, Siew Boon
Published: (2021)

Finding real world software vulnerabilities using ChatGPT
by: Wong, Sean Chun Foh
Published: (2024)

Silent film comedy and American culture
by: Bilton, Alan
Published: (2020)

The silent cry : 2019 November 5
by: Purcell|Buchard, et al.
Published: (2020)

COVID-19 post-vaccination lymphadenopathy: Report of cytological findings from fine needle aspiration biopsy
by: Tan, Nicholas Jin Hong, et al.
Published: (2021)

Perceptions, expectations, and challenges in defect prediction
by: WAN, Zhiyuan, et al.
Published: (2020)