VulCurator: a vulnerability-fixing commit detector
The open-source software (OSS) vulnerability management process is important nowadays, as the number of discovered OSS vulnerabilities is increasing over time. Monitoring vulnerability-fixing commits is part of the standard process to prevent vulnerability exploitation. Manually detecting vulnerability-fixing commits is, however, time-consuming due to the possibly large number of commits to review. Recently, many techniques have been proposed to automatically detect vulnerability-fixing commits using machine learning. These solutions either (1) do not use deep learning, or (2) use deep learning on only limited sources of information. This paper proposes VulCurator, a tool that leverages deep learning on richer sources of information, including commit messages, code changes and issue reports, for vulnerability-fixing commit classification. Our experimental results show that VulCurator outperforms the state-of-the-art baselines by up to 16.1% in terms of F1-score. The VulCurator tool is publicly available at https://github.com/ntgiang71096/VFDetector and https://zenodo.org/record/7034132#.Yw3MN-xBzDI, with a demo video at https://youtu.be/uMlFmWSJYOE.
| Field | Value |
|---|---|
| Main Authors | NGUYEN, Truong Giang; LE, Cong Thanh; KANG, Hong Jin; LE, Xuan-Bach D.; LO, David |
| Format | text (application/pdf) |
| Language | English |
| Published | Institutional Knowledge at Singapore Management University, 2022 (2022-11-01) |
| Subjects | Vulnerability-fixing commits; Deep learning; BERT; Information Security |
| DOI | 10.1145/3540250.3558936 |
| Online Access | https://ink.library.smu.edu.sg/sis_research/7741 (record); https://ink.library.smu.edu.sg/context/sis_research/article/8744/viewcontent/VulCurator_A_Vulnerability_Fixing_Commit_Detector.pdf (full text) |
| License | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
| Institution | Singapore Management University (SMU Libraries, Singapore) |
| Collection | InK@SMU, Research Collection School of Computing and Information Systems |
| Record ID | sg-smu-ink.sis_research-8744 |