APSEC 2024
Tue 3 - Fri 6 December 2024 China
Wed 4 Dec 2024 16:00 - 16:30 at Room 4 (Xianglin Ballroom) - Session (7) Chair(s): Cuiyun Gao

Aligning software product versions to commits is extremely important for fixing vulnerabilities in released versions. Existing work relies on tags in the code repository. In practice, however, many software versions widely used in IT companies are reported with many high-risk vulnerabilities yet have no indicator information (i.e., tags) in their source code repository. This makes it difficult to trace such versions to their particular commits so that vulnerabilities can be fixed effectively. In this paper, we first study software released on the Maven repository and hosted on GitHub. We collect and analyze statistics on those versions that are reported with high-risk vulnerabilities but have no explicit information to locate the commit at which they were released. To effectively locate the commits at which a given version is released, we propose a novel approach named ContentAlignment and compare it comprehensively with three baselines built on the two most common strategies: time-based and range-based. The experimental results on our dataset indicate that ContentAlignment achieves an accuracy of 0.89 when identifying the commit range that covers the true release commit of a specific version, improving over the baselines by 50.3%-102.2%. We also conduct a human study with 10 participants to evaluate the performance and usefulness of ContentAlignment; the user feedback indicates that ContentAlignment can effectively help participants align vulnerable versions to commits in the code repository.

Wed 4 Dec

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi

16:00 - 17:30
Session (7) Technical Track / ERA - Early Research Achievements at Room 4 (Xianglin Ballroom)
Chair(s): Cuiyun Gao Harbin Institute of Technology
16:00
30m
Talk
Automatic Commit Range Identification of Untagged Version
Technical Track
Yan Zhu Zhejiang University, Lingfeng Bao Zhejiang University, Chengjie Chen Zhejiang University, Lexiao Zhang School of Software Technology, Zhejiang University, Xin Yin Zhejiang University, Chao Ni Zhejiang University
16:30
30m
Talk
Classifying Bug Issue Types for Deep Learning-oriented Projects with Pre-Trained Model
Technical Track
Zixuan Zeng School of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Yu Zhao, Lina Gong Nanjing University of Aeronautics and Astronautics
17:00
20m
Talk
GHA-BFP: Framework for Automated Build Failure Prediction in GitHub Actions
ERA - Early Research Achievements
Jiatai Li National University of Defense Technology, Yang Zhang National University of Defense Technology, China, Tao Wang National University of Defense Technology, Yiwen Wu National University of Defense Technology