Name
Abstract | ||
|---|---|---|
Building secure software is difficult, time-consuming, and expensive. Prediction models that identify vulnerability prone software components can be used to focus security efforts, thus helping to reduce the time and effort required to secure software. Several kinds of vulnerability prediction models have been proposed over the course of the past decade. However, these models were evaluated with differing methodologies and datasets, making it difficult to determine the relative strengths and weaknesses of different modeling techniques. In this paper, we provide a high-quality, public dataset, containing 223 vulnerabilities found in three web applications, to help address this issue. We used this dataset to compare vulnerability prediction models based on text mining with models using software metrics as predictors. We found that text mining models had higher recall than software metrics based models for all three applications. |
Year | DOI | Venue |
|---|---|---|
2014 | 10.1109/ISSRE.2014.32 | Software Reliability Engineering |
Keywords | Field | DocType |
Internet,data mining,object-oriented programming,security of data,software metrics,text analysis,Web applications,secure software building,software metrics,text mining,vulnerability prediction model,vulnerability prone software component identification,vulnerable component prediction | Software analytics,Computer science,Software security assurance,Software metric,Software visualization,Software verification and validation,Software construction,Reliability engineering,Software development,Software mining | Conference |
ISSN | ISBN | Citations |
1071-9458 | 978-1-4799-6032-3 | 42 |
PageRank | References | Authors |
1.06 | 25 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| James Walden | 1 | 157 | 9.77 |
| Jeff Stuckman | 2 | 42 | 1.06 |
| Riccardo Scandariato | 3 | 492 | 36.85 |