      Toward Validation of Textual Information Retrieval Techniques for Software Weaknesses

      Preprint


          Abstract

          This paper presents a preliminary validation of common textual information retrieval techniques for mapping unstructured software vulnerability information to distinct software weaknesses. The validation is carried out with a dataset compiled from four software repositories tracked in the Snyk vulnerability database. According to the results, the information retrieval techniques used perform unsatisfactorily compared to regular expression searches. Although the results vary from one repository to another, the preliminary validation presented indicates that explicit referencing of vulnerability and weakness identifiers is preferable for concrete vulnerability tracking. Such referencing allows the use of keyword-based searches, which currently seem to yield more consistent results than information retrieval techniques. Further validation work is required, however, to improve the precision of the techniques.


                Author and article information

                Published: 05 September 2018
                DOI: 10.1007/978-3-319-99133-7_22
                arXiv: 1809.01360
                License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
                Venue: Proceedings of the 29th International Conference on Database and Expert Systems Applications (DEXA 2018), Regensburg, Springer, pp. 265–277
                arXiv categories: cs.IR, cs.CR
                Subjects: Information & Library science, Security & Cryptology
