Litcius/Paper detail

Tracking patches for open source software vulnerabilities

Congying Xu, Bihuan Chen, Chenhao Lu, Kaifeng Huang, Xin Peng, Yang Liu

2022Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering28 citationsDOI

Abstract

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a growing concern about the information quality of vulnerability databases. However, it is unclear what the quality of patches in existing vulnerability databases is; and existing manual or heuristic-based approaches for patch tracking are either too expensive or too specific to apply to all OSS vulnerabilities.

Topics & Concepts

Vulnerability (computing)Vulnerability managementComputer scienceSecure codingSoftwareOpen source softwareSecurity bugOpen sourceComputer securitySoftware security assuranceQuality (philosophy)Software qualityVulnerability assessmentInformation securitySoftware developmentOperating systemSecurity serviceEpistemologyPsychologyPsychological resiliencePsychotherapistPhilosophySoftware Engineering ResearchAdvanced Malware Detection TechniquesWeb Application Security Vulnerabilities
Tracking patches for open source software vulnerabilities | Litcius