AI Chat AI Image Generator AI Video Text to Speech

Tracing Vulnerable Code Lineage

03/23/2021
by   David Reid, et al.
0

This paper presents results from the MSR 2021 Hackathon. Our team investigates files/projects that contain known security vulnerabilities and how widespread they are throughout repositories in open source software. These security vulnerabilities can potentially be propagated through code reuse even when the vulnerability is fixed in different versions of the code. We utilize the World of Code infrastructure to discover file-level duplication of code from a nearly complete collection of open source software. This paper describes a method and set of tools to find all open source projects that use known vulnerable files and any previous revisions of those files.

READ FULL TEXT

page 1

page 2

page 3

page 4

Related Research

research
08/01/2022

Trust Challenges in Reusing Open Source Software: An Interview-based Initial Study

Open source projects play a significant role in software production. Mos...
0 Javad Ghofrani, et al.
research
08/13/2021

VulnEx: Exploring Open-Source Software Vulnerabilities in Large Development Organizations to Understand Risk Exposure

The prevalent usage of open-source software (OSS) has led to an increase...
0 Frederik L. Dennig, et al.
research
05/07/2021

Detecting Security Fixes in Open-Source Repositories using Static Code Analyzers

The sources of reliable, code-level information about vulnerabilities th...
0 Therese Fehrer, et al.
research
06/15/2018

Beyond Metadata: Code-centric and Usage-based Analysis of Known Vulnerabilities in Open-source Software

The use of open-source software (OSS) is ever-increasing, and so is the ...
0 Serena E. Ponta, et al.
research
06/01/2021

On using distributed representations of source code for the detection of C security vulnerabilities

This paper presents an evaluation of the code representation model Code2...
21 David Coimbra, et al.
research
08/29/2018

Timelines for In-Code Discovery of Zero-Day Vulnerabilities and Supply-Chain Attacks

Zero-day vulnerabilities can be accidentally or maliciously placed in co...
0 Andrew J. Lohn, et al.
research
12/03/2019

The most frequent programming mistakes that cause software vulnerabilities

All computer programs have flaws, some of which can be exploited to gain...
0 Raul Barbosa, et al.

Please sign up or login with your details

Forgot password? Click here to reset

Out of credits

Refill your membership to continue using DeepAI

Stripe
Paypal