Options
Predicting vulnerable components: Software metrics vs text mining
Publikationstyp
Conference Paper
Date Issued
2014-11
Sprache
English
Start Page
23
End Page
33
Article Number
6982351
Citation
Proceedings - International Symposium on Software Reliability Engineering, ISSRE: 6982351, 23-33 (2014-12-11)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
IEEE
Building secure software is difficult, time-consuming, and expensive. Prediction models that identify vulnerability prone software components can be used to focus security efforts, thus helping to reduce the time and effort required to secure software. Several kinds of vulnerability prediction models have been proposed over the course of the past decade. However, these models were evaluated with differing methodologies and datasets, making it difficult to determine the relative strengths and weaknesses of different modeling techniques. In this paper, we provide a high-quality, public dataset, containing 223 vulnerabilities found in three web applications, to help address this issue. We used this dataset to compare vulnerability prediction models based on text mining with models using software metrics as predictors. We found that text mining models had higher recall than software metrics based models for all three applications.
Subjects
MLE@TUHH
DDC Class
004: Informatik