Tracking patches for open source software vulnerabilities
Congying Xu, Bihuan Chen, Chenhao Lu, Kaifeng Huang, Xin Peng, Yang Liu
2022Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering28 citationsDOI
Abstract
Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a growing concern about the information quality of vulnerability databases. However, it is unclear what the quality of patches in existing vulnerability databases is; and existing manual or heuristic-based approaches for patch tracking are either too expensive or too specific to apply to all OSS vulnerabilities.
Topics & Concepts
Vulnerability (computing)Vulnerability managementComputer scienceSecure codingSoftwareOpen source softwareSecurity bugOpen sourceComputer securitySoftware security assuranceQuality (philosophy)Software qualityVulnerability assessmentInformation securitySoftware developmentOperating systemSecurity serviceEpistemologyPsychologyPsychological resiliencePsychotherapistPhilosophySoftware Engineering ResearchAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities