Is newer always better?: The case of vulnerability prediction models

Hovsepyan, Aram; Scandariato, Riccardo; Joosen, Wouter

Is newer always better?: The case of vulnerability prediction models

Publikationstyp

Conference Paper

Publikationsdatum

2016-09

Sprache

English

Author

Hovsepyan, Aram

Scandariato, Riccardo

Joosen, Wouter

TORE-URI

http://hdl.handle.net/11420/14423

First published in

International Symposium on Empirical Software Engineering and Measurement

Number in series

8/9

Start Page

1

End Page

6

Article Number

a26

Citation

International Symposium on Empirical Software Engineering and Measurement 8/9: a26, 1-6 (2016-09-08)

Contribution to Conference

10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM 2016

Publisher DOI

10.1145/2961111.2962612

Scopus ID

2-s2.0-84991627902

Publisher

ACM

Finding security vulnerabilities in the source code as early as possible is becoming more and more essential. In this respect, vulnerability prediction models have the potential to help the security assurance activities by identifying code locations that deserve the most attention. In this paper, we investigate whether prediction models behave like milk (i.e., they turn with time) or wine (i.e., the improve with time) when used to predict future vulnerabilities. Our findings indicate that the recall values are largely in favor of predictors based on older versions. However, the better recall comes at the price of much higher file inspection ratio values.

Schlagworte

prediction models

Security vulnerabilities

DDC Class

004: Informatik

Options

Is newer always better?: The case of vulnerability prediction models