Sciweavers

MSR
2010
ACM

Identifying security bug reports via text mining: An industrial case study

14 years 2 months ago
Identifying security bug reports via text mining: An industrial case study
-- A bug-tracking system such as Bugzilla contains bug reports (BRs) collected from various sources such as development teams, testing teams, and end users. When bug reporters submit bug reports to a bug-tracking system, the bug reporters need to label the bug reports as security bug reports (SBRs) or not, to indicate whether the involved bugs are security problems. These SBRs generally deserve higher priority in bug fixing than not-security bug reports (NSBRs). However, in the bug-reporting process, bug reporters often mislabel SBRs as NSBRs partly due to lack of security domain knowledge. This mislabeling could cause serious damage to software-system stakeholders due to the induced delay of identifying and fixing the involved security bugs. To address this important issue, we developed a new approach that applies text mining on natural-language descriptions of BRs to train a statistical model on already manually-labeled BRs to identify SBRs that are manually-mislabeled as NSBRs. Secu...
Michael Gegick, Pete Rotella, Tao Xie
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2010
Where MSR
Authors Michael Gegick, Pete Rotella, Tao Xie
Comments (0)