CrossVul: A Cross-Language Vulnerability Dataset with Commit Data
Fri 27 Aug 2021 07:25 - 07:30 - Dependability—Vulnerabilities 2 Chair(s): Ramy Shahin
Examining the characteristics of software vulnerabilities and the code that contains them can lead to the development of more secure software. We present a dataset (~1.4 GB) containing vulnerable source code files together with the corresponding patched versions. Unlike other existing vulnerability datasets, ours includes vulnerable files written in more than 40 programming languages. Each file is associated with (1) a Common Vulnerability Exposures identifier (CVE ID) and (2) the repository it came from. Further, our dataset can be the basis for machine learning applications that identify defects, as we show in specific examples. We also present a supporting dataset that contains commit messages derived from Git commits that serve as security patches. This dataset can be used to train ML models that, in turn, can be used to detect security patch commits, as we highlight in a specific use case.
Thu 26 Aug (displayed time zone: Athens)
19:00 - 20:00 | Dependability—Vulnerabilities 2 | Research Papers / Demonstrations | +12h | Chair(s): Domenico Bianculli (University of Luxembourg)
19:00 10m | Paper | Identifying Casualty Changes in Software Patches | Research Papers | Adriana Sejfia (University of Southern California), Yixue Zhao (University of Massachusetts at Amherst), Nenad Medvidović (University of Southern California)
19:10 10m | Paper | ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities | Research Papers | Yang Hu (The University of Texas at Austin), Wenxi Wang (University of Texas at Austin), Casen Hunger (University of Texas at Austin), Riley Wood (University of Texas at Austin), Sarfraz Khurshid (University of Texas at Austin), Mohit Tiwari (University of Texas at Austin)
19:20 5m | Paper | ICME: An Informed Consent Management Engine for Conformance in Smart Building Environments | Demonstrations | Chehara Pathmabandu (Monash University), John Grundy (Monash University), Mohan Baruwal Chhetri (CSIRO’s Data61), Zubair Baig (Deakin University)
19:25 5m | Paper | CrossVul: A Cross-Language Vulnerability Dataset with Commit Data | Demonstrations | Georgios Nikitopoulos (University of Thessaly), Konstantina Dritsa (Athens University of Economics and Business), Panos Louridas (Athens University of Economics and Business), Dimitris Mitropoulos (University of Athens)
19:30 30m | Live Q&A | Q&A (Dependability—Vulnerabilities 2) | Research Papers
Fri 27 Aug (displayed time zone: Athens)
07:00 - 08:00 | Dependability—Vulnerabilities 2 | Demonstrations / Research Papers | Chair(s): Ramy Shahin (University of Toronto)
07:00 10m | Paper | Identifying Casualty Changes in Software Patches | Research Papers | Adriana Sejfia (University of Southern California), Yixue Zhao (University of Massachusetts at Amherst), Nenad Medvidović (University of Southern California)
07:10 10m | Paper | ACHyb: A Hybrid Analysis Approach to Detect Kernel Access Control Vulnerabilities | Research Papers | Yang Hu (The University of Texas at Austin), Wenxi Wang (University of Texas at Austin), Casen Hunger (University of Texas at Austin), Riley Wood (University of Texas at Austin), Sarfraz Khurshid (University of Texas at Austin), Mohit Tiwari (University of Texas at Austin)
07:20 5m | Paper | ICME: An Informed Consent Management Engine for Conformance in Smart Building Environments | Demonstrations | Chehara Pathmabandu (Monash University), John Grundy (Monash University), Mohan Baruwal Chhetri (CSIRO’s Data61), Zubair Baig (Deakin University)
07:25 5m | Paper | CrossVul: A Cross-Language Vulnerability Dataset with Commit Data | Demonstrations | Georgios Nikitopoulos (University of Thessaly), Konstantina Dritsa (Athens University of Economics and Business), Panos Louridas (Athens University of Economics and Business), Dimitris Mitropoulos (University of Athens)
07:30 30m | Live Q&A | Q&A (Dependability—Vulnerabilities 2) | Research Papers