
TL;DR
This paper empirically analyzes various vulnerability detection techniques to guide decision-makers in choosing appropriate methods based on effectiveness, efficiency, and vulnerability characteristics in software projects.
Contribution
It provides an empirical comparison of vulnerability detection techniques and insights into their relationships with vulnerability types, exploitability, and fixing effort.
Findings
Different detection techniques vary in effectiveness and efficiency.
Certain techniques are better suited for specific vulnerability types.
Resource constraints influence vulnerability fixing in open source projects.
Abstract
Vulnerability detection plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which vulnerability detection techniques to use and when. The goal of this research is to assist managers and other decision-makers on software projects in making informed choices about the use of different software vulnerability detection techniques through empirical analysis of the efficiency and effectiveness of each technique. We will examine the relationships between the vulnerability detection technique used to find a vulnerability, the type of vulnerability found, the exploitability of the vulnerability, and the effort needed to fix a vulnerability on two projects where we ensure all vulnerabilities found have been fixed. We will then examine how these relationships are seen in Open Source…
