To secure computer infrastructure, we need to configure all securityrelevant settings. We need security experts to identify securityrelevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
CCS CONCEPTS• Software and its engineering → Software configuration management and version control systems; • Security and privacy → Software security engineering; • Computing methodologies → Natural language processing.