Litcius/Paper detail

ReposVul: A Repository-Level High-Quality Vulnerability Dataset

Xinchen Wang, Ruida Hu, Cuiyun Gao, Xin-Cheng Wen, Yujia Chen, Qing Liao

202428 citationsDOIOpen Access PDF

Abstract

Open-Source Software (OSS) vulnerabilities bring great challenges to the software security and pose potential risks to our society. Enormous efforts have been devoted into automated vulnerability detection, among which deep learning (DL)-based approaches have proven to be the most effective. However, the performance of the DL-based approaches generally relies on the quantity and quality of labeled data, and the current labeled data present the following limitations: (1) Tangled Patches: Developers may submit code changes unrelated to vulnerability fixes within patches, leading to tangled patches. (2) Lacking Inter-procedural Vulnerabilities: The existing vulnerability datasets typically contain function-level and file-level vulnerabilities, ignoring the relations between functions, thus rendering the approaches unable to detect the inter-procedural vulnerabilities. (3) Outdated Patches: The existing datasets usually contain outdated patches, which may bias the model during training.

Topics & Concepts

Computer scienceVulnerability (computing)Quality (philosophy)Computer securityPhilosophyEpistemologyAdvanced Malware Detection TechniquesWeb Application Security VulnerabilitiesSoftware Testing and Debugging Techniques