Fine-grained Commit-level Vulnerability Type Prediction by CWE Tree Structure

Pan, Shengyi; Bao, Lingfeng; Xia, Xin; Lo, David; Li, Shanping

doi:10.1109/icse48619.2023.00088

Cited by 7 publications

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It's crucial in software maintenance to ensure that patches not only resolve issues but also maintain the overall functionality and performance of the software. Vulnerability detection: The FixMe dataset can be applied in various software security tasks, including vulnerability detection [1,13,14,28,37], CWE type prediction [38], and vulnerability fix detection [39][40][41]. Labeling the new code fixed by the commits or code after can be considered benign sample and code before can be taken as vulnerable samples for vulnerability detection as binary classification.…”

Section: Applications Of Fixmementioning

confidence: 99%

See 1 more Smart Citation

An Incremental Lightweight Method for Vulnerability Data Collection for Security Patches

Bhandari,

Gavric

2024

Preprint

View full text Add to dashboard Cite

Automated Program Repair enhances developers’ efficiency by reducing the time dedicated to debugging and fixing source code vulnerabilities. However, the existing datasets utilized to train patch generation models suffer from various limitations, notably the limited bug context, limited size, and reliance on synthetic and unrealistic source code samples. Additionally, existing dataset extraction tools lack an incremental approach, rendering the inclusion of new data a resource-intensive endeavor in terms of both time and computational resources. In this paper, we introduce FixMe , a novel framework designed for generating patches across diverse programming languages. This open-source tool facilitates an incremental approach to gathering vulnerability records from the Common Vulnerabilities and Exposures (CVE) database. Incorporating an incremental methodology accelerates the data acquisition process, encompassing newly identified vulnerabilities and their corresponding patch pairs. Our dataset curation method involves the extraction of security issues, acquiring vulnerability-fixing commits, and extracting source code from relevant projects. The resultant dataset comprises 18,063 CVEs from 2,133 commits, encompassing 19,109 patch sets with 44,059 vulnerability-fix pairs (patch hunks). This dataset spans 884 open-source projects hosted in git-based systems. Additionally , the study explores fostering the potential of APR techniques in reducing debugging costs and improving software quality by generating patches for fixing vulnerabilities automatically.

show abstract

Section: Applications Of Fixmementioning

confidence: 99%

“…The CWE type prediction involves predicting the CWE associated with a given vulnerability. This task is important for understanding vulnerabilities' nature and potential impact [38]. The FixMe dataset contains information on patches or fixes associated with each vulnerability instance.…”

Section: Applications Of Fixmementioning

confidence: 99%