Sciweavers

CCS
2007
ACM

Predicting vulnerable software components

Where do most vulnerabilities occur in software? Our Vulture tool automatically mines existing vulnerability databases and version archives to map past vulnerabilities to components. The resulting ranking of the most vulnerable components is a perfect base for further investigations on what makes components vulnerable. In an investigation of the Mozilla vulnerability history, we surprisingly found that components that had a single vulnerability in the past were generally not likely to have further vulnerabilities. However, components that had similar imports or function calls were likely to be vulnerable. Based on this observation, we were able to extend Vulture by a simple predictor that correctly predicts about half of all vulnerable components, and about two thirds of all predictions are correct. This allows developers and project managers to focus their efforts where it is needed most: “We should look at nsXPInstallManager because it is likely to contain yet unknown vulne...
Stephan Neuhaus, Thomas Zimmermann, Christian Holl
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Where CCS
Authors Stephan Neuhaus, Thomas Zimmermann, Christian Holler, Andreas Zeller