EASE 2024
Tue 18 - Fri 21 June 2024 Salerno, Italy
Thu 20 Jun 2024 10:30 - 11:00 at Room Capri - Poster Exhibition

Software vulnerabilities are flaws in a product that compromise system security. In large software systems, developers struggle to pinpoint vulnerable statements from vulnerable functions when new vulnerabilities arise. Existing research underutilizes vulnerability reports which can provide crucial contextual information for identifying vulnerable functions and their corresponding statements in source code. This paper introduces an information retrievalbased approach named Vulnerable Functions and Statements Detector (VFSDetector), aimed at identifying vulnerable functions and pinpointing vulnerable statements within source code using vulnerability reports. VFSDetector assesses vulnerable functions by comparing textual content from vulnerability report corpora with source code corpora. This involves modifying the conventional Vector Space Model termed as revised Vector Space Model (rVSM). The effectiveness of this methodology is initially evaluated by examining 10 vulnerability reports from seven prominent open-source projects. Results indicate that VFSDetector accurately identifies the genuine vulnerable function as the 1st ranked function in 40% cases and accurately pinpoint vulnerable statements in 20% cases. Furthermore, it places the actual vulnerable function within the top five ranks in 90% cases and vulnerable statement in 70% cases. It ranks vulnerable functions within the top seven rank and vulnerable statements in top fifteen rank for all analyzed reports. Consequently, developers can leverage these findings to accelerate the implementation of successful patches on vulnerable functions in specific statements

Thu 20 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

10:30 - 11:00
Poster ExhibitionPosters at Room Capri
10:30
30m
Poster
Automatic detection and correction of code errors applying machine learning - current research state
Posters
Aneta Poniszewska-Maranda Institute of Information Technology, Lodz University of Technology, Wiktoria Sarniak Institute of Information Technology, Lodz University of Technology, Marcin Cegielski Institute of Information Technology, Lodz University of Technology
10:30
30m
Poster
Automated Software Vulnerability Detection in Statement Level using Vulnerability Reports
Posters
Rabaya Sultana Mim Institute of Information Technology, University of Dhaka, Toukir Ahammed Institute of Information Technology, University of Dhaka, Kazi Sakib Institute of Information Technology, University of Dhaka
10:30
30m
Poster
New experimental design to capture bias using LLM to validate security threats
Posters
Winnie Bahati Mbaka Vrije Universiteit