Predicting vulnerable software components
Proceedings of the 14th ACM conference on Computer and communications security
Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista
ICST '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation
One Technique is Not Enough: A Comparison of Vulnerability Discovery Techniques
ESEM '11 Proceedings of the 2011 International Symposium on Empirical Software Engineering and Measurement
IEEE Transactions on Software Engineering
SAVI: Static-Analysis Vulnerability Indicator
IEEE Security and Privacy
| Hi-index | 0.00 |
Early identification of software vulnerabilities is essential in software engineering and can help reduce not only costs, but also prevent loss of reputation and damaging litigations for a software firm. Techniques and tools for software vulnerability prediction are thus invaluable. Most of the existing techniques rely on using component characteristic(s) (like code complexity, code churn) for the vulnerability prediction. In this position paper, we present a novel approach for vulnerability prediction that leverages on the analysis of raw source code as text, instead of using "cooked" features. Our initial results seem to be very promising as the prediction model achieves an average accuracy of 0.87, precision of 0.85 and recall of 0.88 on 18 versions of a large mobile application.