Software vulnerability prediction using text analysis techniques

Publikationstyp
Conference Paper
Date Issued
2012-09
Sprache
English
Author(s)
Hovsepyan, Aram  
Scandariato, Riccardo  
Joosen, Wouter  
Walden, James  
TORE-URI
http://hdl.handle.net/11420/14966
Start Page
7
End Page
9
Citation
Proceedings of the 4th international workshop on Security measurements and metrics: 7-9 (2012-10-22)
Contribution to Conference
4th International Workshop on Security Measurements and Metrics, MetriSec 2012  
Publisher DOI
10.1145/2372225.2372230
Scopus ID
2-s2.0-84867544938
Publisher
ACM
Early identification of software vulnerabilities is essential in software engineering and can help reduce not only costs, but also prevent loss of reputation and damaging litigations for a software firm. Techniques and tools for software vulnerability prediction are thus invaluable. Most of the existing techniques rely on using component characteristic(s) (like code complexity, code churn) for the vulnerability prediction. In this position paper, we present a novel approach for vulnerability prediction that leverages on the analysis of raw source code as text, instead of using "cooked" features. Our initial results seem to be very promising as the prediction model achieves an average accuracy of 0.87, precision of 0.85 and recall of 0.88 on 18 versions of a large mobile application.
DDC Class
004: Informatik