Learning to Identify Security-Related Issues Using Convolutional Neural Networks

08/01/2019
by David N. Palacio, et al.

Software security is becoming a high priority for both large companies and start-ups alike due to the increasing potential for harm that vulnerabilities and breaches carry with them. However, attaining robust security assurance while delivering features requires a precarious balancing act in the context of agile development practices. One path forward to aid development teams in securing their software products is through the design and development of security-focused automation. Ergo, we present a novel approach, called SecureReqNet, for automatically identifying whether issues in software issue tracking systems describe security-related content. Our approach consists of a two-phase neural net architecture that operates purely on the natural language descriptions of issues. The first phase of our approach learns high-dimensional word embeddings from hundreds of thousands of vulnerability descriptions listed in the CVE database and issue descriptions extracted from open source projects. The second phase then utilizes the semantic ontology represented by these embeddings to train a convolutional neural network capable of predicting whether a given issue is security-related. We evaluated SecureReqNet by applying it to identify security-related issues from a dataset of thousands of issues mined from popular projects on GitLab and GitHub. In addition, we also applied our approach to identify security-related requirements from a commercial software project developed by a major telecommunication company. Our preliminary results are encouraging, with SecureReqNet achieving an accuracy of 96
