Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Abstract: Context: Security bug reports are reports from bug tracking systems that include descriptions and resolutions of security vulnerabilities that occur in software projects. Researchers use security bug reports to conduct research related to software vulnerabilities. A mapping study of publications that use security bug reports can inform researchers on (i) the research topics that have been investigated, and (ii) potential research avenues in the field of software vulnerabilities. Objective: The objective of thi… Show more

“…They reviewed 90 papers published between 2011 and 2020 and presented a taxonomy of the research interests in vulnerability prediction and a taxonomy of ML approaches used to detect vulnerabilities. Bhuiyan et al conducted an SMS including studies that utilize bug reports retrieved from bug tracking systems [10]. They retrieved 46 papers that utilized bug reports, published up to 2021, and investigated their research goals.…”

“…Based on Table 1, we can claim that our study is the broadest among the seven studies of the related work, as it includes 180 papers. In terms of research method, we identified only two existing SMS about VP, from which the first one by Rafique et al [7] cannot be considered as up-to-date as it reviewed papers until 2014, while the second one by Bhuiyan et al [10] examines only one of our research goals and only for papers using bug reports. Considering in detail the research goals, our SMS has a wide focus and provides an in-breadth analysis, as it covers the whole VP process, beginning from the research goal, continuing with the dataset construction step, the model construction step and ending with the evaluation of the approaches step.…”

Software vulnerability prediction: A systematic mapping study

“…They reviewed 90 papers published between 2011 and 2020 and presented a taxonomy of the research interests in vulnerability prediction and a taxonomy of ML approaches used to detect vulnerabilities. Bhuiyan et al conducted an SMS including studies that utilize bug reports retrieved from bug tracking systems [10]. They retrieved 46 papers that utilized bug reports, published up to 2021, and investigated their research goals.…”

“…Based on Table 1, we can claim that our study is the broadest among the seven studies of the related work, as it includes 180 papers. In terms of research method, we identified only two existing SMS about VP, from which the first one by Rafique et al [7] cannot be considered as up-to-date as it reviewed papers until 2014, while the second one by Bhuiyan et al [10] examines only one of our research goals and only for papers using bug reports. Considering in detail the research goals, our SMS has a wide focus and provides an in-breadth analysis, as it covers the whole VP process, beginning from the research goal, continuing with the dataset construction step, the model construction step and ending with the evaluation of the approaches step.…”

Software vulnerability prediction: A systematic mapping study

Security Assurance in the Software Development Process: A Systematic Literature Review

Vulnerability Report Analysis and Vulnerability Reproduction for Web Applications