Automatically Identifying Security Bug Reports via Multitype Features Analysis

Zou, Deqing; Deng, Zhijun; Li, Zhen; Jin, Hai

doi:10.1007/978-3-319-93638-3_35

Cited by 7 publications

(3 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…P2, P3, P7, P12, P37, and P39 used available labeled bug reports, where each bug report is labeled as security bug report (SBR) or non-security bug report (NSBR). P19 [37] leveraged information that are usually available in a bug report, including meta features and textual features, to automatically identify the security bug reports via natural language processing and machine learning techniques. P5 [38] used different strategies for labeling positive samples (i.e., SBRs) and negative samples (i.e., NSBRs).…”

Section: Resultsmentioning

confidence: 99%

“…P4 [41] compared the performance of multiple vulnerability classification models to find a different combination of features for a better prediction model. P19 [37] also presented an automated security bug report identification model via multi-type features analysis. From security bug reports they mined meta-features and textual features, to automatically identify the security bug reports via NLP and ML techniques.…”

Section: A Answer To Rq1: What Research Topics Have Been Investigatementioning

confidence: 99%

See 1 more Smart Citation

Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Bhuiyan¹,

Sharif²,

Rahman³

2021

IEEE Access

View full text Add to dashboard Cite

Context: Security bug reports are reports from bug tracking systems that include descriptions and resolutions of security vulnerabilities that occur in software projects. Researchers use security bug reports to conduct research related to software vulnerabilities. A mapping study of publications that use security bug reports can inform researchers on (i) the research topics that have been investigated, and (ii) potential research avenues in the field of software vulnerabilities. Objective: The objective of this paper is to help researchers identify research gaps related to software vulnerabilities by conducting a systematic mapping study of research publications that use security bug reports. Method: We perform a systematic mapping study of research that use security bug reports for software vulnerability research by searching five scholar databases: (i) IEEE Xplore, (ii) ACM Digital Library, (iii) ScienceDirect, (iv) Wiley Online Library, and (v) Springer Link. From the five scholar databases, we select 46 publications that use security bug reports by systematically applying inclusion and exclusion criteria. Using qualitative analysis, we identify research topics investigated in our collected set of publications. Results: We identify three research topics that are investigated in our set of 46 publications. The three topics are: (i) vulnerability classification; (ii) vulnerability report summarization; and (iii) vulnerability dataset construction. Of the studied 46 publications, 42 publications focus on vulnerability classification. Conclusion: Findings from our mapping study can be leveraged to identify research opportunities in the domains of software vulnerability classification and automated vulnerability repair techniques.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: A Answer To Rq1: What Research Topics Have Been Investigatementioning

confidence: 99%

Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Bhuiyan¹,

Sharif²,

Rahman³

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Diksha et al [35] introduced ranking methods to reduce the mislabeling of security bug reports. Similarly, Zou et al [424] expended on detecting security-related bugs using multi-type feature analysis.…”

Section: Detection Of Quality Concerns Across Artifactsmentioning

confidence: 99%

Exploring the Software Quality Maze: Detecting Scattered and Tangled Crosscutting Quality Concerns in Source Code in Support of Maintenance Tasks

Krasniqi

View full text Add to dashboard Cite

Software quality attributes, such as reliability, security, and usability, are often well-defined and understood at the requirement level. They lay the ground foundation necessary to achieve high-quality, robust, user-friendly, and trustworthy software systems. However, when addressing these attributes at the code level, two significant challenges emerge. First, they tend to scatter across the codebase due to improper encapsulation of object-oriented classes, hampering the visibility of quality-related components across the codebase. Second, they become tangled within a single module due to intricate interdependencies with functional aspects of the code. Addressing quality concerns in the presence of scattered and tangled code can lead to unforeseen issues. For example, software developers may inadvertently introduce new and latent bugs or incorrectly implement code components deviating from the original system-wide requirements. To tackle these pressing issues, this dissertation proposes a series of state-of-the-art solutions integrating ML-based techniques and NLP-based techniques, including static program analysis techniques, to automatically and effectively detect and repair quality concerns present at the code level, even when scattered across the codebase. Additionally, we introduce program structural analysis and change impact analysis, complemented by other unsupervised ML-based techniques, to disentangle quality-related changes from functional ones, to gain a holistic understanding of a particular maintenance task. From a practical stance, our techniques can be integrated for quality risk assessment purposes and incorporated into safety-critical continuous integration systems to monitor the evolving nature of quality concerns. Furthermore, they can enhance bidirectional traceability across evolving software artifacts, such as bug reports, commit messages, and source code, and facilitate bug triaging systems for prioritizing the resolution of highly impacted quality-related bugs.

show abstract

A Process Framework for the Classification of Security Bug Reports

Hussain¹

2022

Evolving Software Processes

View full text Add to dashboard Cite

Automatically Identifying Security Bug Reports via Multitype Features Analysis

Cited by 7 publications

References 27 publications

Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Exploring the Software Quality Maze: Detecting Scattered and Tangled Crosscutting Quality Concerns in Source Code in Support of Maintenance Tasks

A Process Framework for the Classification of Security Bug Reports

Contact Info

Product

Resources

About