C4.5: programs for machine learning
The nature of statistical learning theory
Building Knowledge through Families of Experiments
IEEE Transactions on Software Engineering
Maximum RPM
Formal Concept Analysis: Mathematical Foundations
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Data Mining: Concepts and Techniques
Mining metrics to predict component failures
Proceedings of the 28th international conference on Software engineering
Mining large software compilations over time: another perspective of software evolution
Proceedings of the 2006 international workshop on Mining software repositories
Predicting component failures at design time
Proceedings of the 2006 ACM/IEEE international symposium on Empirical software engineering
Have things changed now?: an empirical study of bug characteristics in modern open source software
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Milk or wine: does software security improve with age?
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
MSR '07 Proceedings of the Fourth International Workshop on Mining Software Repositories
Predicting vulnerable software components
Proceedings of the 14th ACM conference on Computer and communications security
The new school of information security
Prioritizing software security fortification through code-level metrics
Proceedings of the 4th ACM workshop on Quality of protection
Is complexity really the enemy of software security?
Proceedings of the 4th ACM workshop on Quality of protection
All of Statistics: A Concise Course in Statistical Inference
Security vulnerabilities in software systems: a quantitative perspective
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Detection of recurring software vulnerabilities
Proceedings of the IEEE/ACM international conference on Automated software engineering
Unix systems monitoring with FCA
ICCS'11 Proceedings of the 19th international conference on Conceptual structures for discovering knowledge
Scalable trust establishment with software reputation
Proceedings of the sixth ACM workshop on Scalable trusted computing
Idea: java vs. PHP: security implications of language choice for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
In an empirical study of 3241 Red Hat packages, we show that software vulnerabilities correlate with dependencies between packages. With formal concept analysis and statistical hypothesis testing, we identify dependencies that decrease the risk of vulnerabilities ("beauties") or increase the risk ("beasts"). Using support vector machines on dependency data, our prediction models successfully and consistently catch about two thirds of vulnerable packages (median recall of 0.65). When our models predict a package as vulnerable, it is correct more than eight times out of ten (median precision of 0.83). Our findings help developers to choose new dependencies wisely and make them aware of risky dependencies.