Software vulnerability prediction using text analysis techniques
Publication Type
Conference Paper
Date Issued
2012-09
Language
English
Start Page
7
End Page
9
Citation
Proceedings of the 4th international workshop on Security measurements and metrics: 7-9 (2012-10-22)
Publisher
ACM
Early identification of software vulnerabilities is essential in software engineering and can help not only reduce costs but also prevent loss of reputation and damaging litigation for a software firm. Techniques and tools for software vulnerability prediction are thus invaluable. Most of the existing techniques rely on component characteristics (such as code complexity and code churn) for vulnerability prediction. In this position paper, we present a novel approach for vulnerability prediction that leverages the analysis of raw source code as text, instead of using "cooked" features. Our initial results seem to be very promising, as the prediction model achieves an average accuracy of 0.87, precision of 0.85 and recall of 0.88 on 18 versions of a large mobile application.
DDC Class
004: Computer Science