Resumen de Exploring Feature Extraction to Vulnerability Prediction Problem

The growing use of technology makes the development of secure applications essential. In contrast, the secure software development cycle is a costly task, considering the human effort required to review application code for finding vulnerabilities. In order to minimize this cost (human effort), Vulnerability Prediction Models (VPMs) can be used by software development teams during inspection tasks. The VPM low precision makes its application unfeasible, because it indicates the waste of human effort during the inspection. One of the obstacles in the construction of efficient VPMs (i.e., high precision) is modeling meaningful features related to the vulnerabilities, specially in the initial training stages. In this work we compare a promising feature, extracted through another domain (i.e., defect prediction) techniques. We evaluated the feature within an active learning-based VPM through a simulation on real open source projects. Our results indicates that the feature looks promising in cost saving when applied to vulnerability inspection tasks.

Acceso de usuarios registrados

¿Es nuevo? Regístrese

Coordinado por: