
Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits

Riom, Timothé, Sawadogo, Arthur, Allix, Kevin, Bissyandé, Tegawendé F., Moha, Naouel and Klein, Jacques. 2021. "Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits". Empirical Software Engineering, vol. 26, no. 3.
Citation count in Scopus: 7.

Moha-N-2021-25872.pdf - Published version
Licence: Creative Commons CC BY.

Abstract

Detecting vulnerabilities in software is a constant race between development teams and potential attackers. While many static and dynamic approaches have focused on regularly analyzing the software in its entirety, a recent research direction has focused on the analysis of changes that are applied to the code. VCCFinder is a seminal approach in the literature that builds on machine learning to automatically detect whether an incoming commit will introduce some vulnerabilities. Given the influence of VCCFinder in the literature, we undertake an investigation into its performance as a state-of-the-art system. To that end, we propose to attempt a replication study on the VCCFinder supervised learning approach. The insights of our failure to replicate the results reported in the original publication informed the design of a new approach to identify vulnerability-contributing commits based on a semi-supervised learning technique with an alternate feature set. We provide all artefacts and a clear description of this approach as a new reproducible baseline for advancing research on machine learning-based identification of vulnerability-introducing commits.

Document type: Peer-reviewed journal article
Additional information: Article ID: 46
Professor: Moha, Naouel
Affiliation: Software and Information Technology Engineering
Deposited on: 18 Nov. 2022 17:50
Last modified: 08 Dec. 2022 13:45
URI: https://espace2.etsmtl.ca/id/eprint/25872
