Write a Blog >>
ICSE 2023
Sun 14 - Sat 20 May 2023 Melbourne, Australia
Fri 19 May 2023 16:30 - 16:37 at Meeting Room 105 - Vulnerability testing and patching Chair(s): Cristian Cadar

With the rapid development of open source projects, the continuous emergence of vulnerabilities in the project brings great challenges to the security of the project. Security patches are one of the best ways to deal with vulnerabilities, but are not well applied currently. Although there are sites like CVE/NVD that provide information about vulnerabilities, many of the vulnerabilities disclosed by CVE/NVD are not accompanied by security patches. This makes it difficult for developers to apply patches. In the present study, a sorting method based on extracting multidimensional features from auxiliary information in CVE/NVD was proposed. And we made a further step, we proposed VCMATCH, a model for mining semantic information in vulnerability description and code commit messages, which has good recall rate and applicability across projects. On this basis, we established Patchmatch, a tool for helping developers to quickly locate patches. Given a vulnerability, Patchmatch can forecast the implicit patches in the code repository’s commits. Patchmatch also has a visual webpage for information statistics and a display web page to help developers manage all kinds of information in the code repository. A demo video of Patchmatch is at https://www.youtube.com/watch?v=47UOe0 -WE0. Patchmatch is in https://github.com/Sklud1456/patchmatch.

Fri 19 May

Displayed time zone: Hobart change

15:45 - 17:15
Vulnerability testing and patchingTechnical Track / Journal-First Papers / DEMO - Demonstrations at Meeting Room 105
Chair(s): Cristian Cadar Imperial College London, UK
15:45
15m
Talk
Silent Vulnerable Dependency Alert Prediction with Vulnerability Key Aspect Explanation
Technical Track
Jiamou Sun CSIRO's Data61, Zhenchang Xing , Qinghua Lu CSIRO’s Data61, Xiwei (Sherry) Xu CSIRO’s Data61, Liming Zhu CSIRO’s Data61, Thong Hoang Data61, CSIRO, Dehai Zhao Australian National University, Australia
16:00
15m
Talk
Compatible Remediation on Vulnerabilities from Third-Party Libraries for Java ProjectsDistinguished Paper Award
Technical Track
Lyuye Zhang Nanyang Technological University, Chengwei Liu Nanyang Technological University, Singapore, Zhengzi Xu Nanyang Technological University, Sen Chen Tianjin University, Lingling Fan Nankai University, Lida Zhao Nanyang Technological University, Wu Jiahui Nanyang Technological University, Yang Liu Nanyang Technological University
16:15
15m
Talk
Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs
Technical Track
Davide Corradini University of Verona, Michele Pasqua University of Verona, Mariano Ceccato University of Verona
Pre-print
16:30
7m
Talk
Patchmatch: A Tool for Locating Patches of Open Source Project Vulnerabilities
DEMO - Demonstrations
Kedi Shen Zhejiang university city college, Yun Zhang Zhejiang University City College, Lingfeng Bao Zhejiang University, Zhiyuan Wan Zhejiang University, Zhuorong Li Zhejiang university city college, Minghui Wu Zhejiang University City College}
16:37
8m
Talk
Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats
Journal-First Papers
Giorgio Di Tizio University of Trento, Michele Armellini University of Trento, Fabio Massacci University of Trento; Vrije Universiteit Amsterdam
16:45
7m
Talk
SSPCatcher: Learning to Catch Security Patches
Journal-First Papers
Arthur D. Sawadogo Université du Québec à Montréal, Tegawendé F. Bissyandé SnT, University of Luxembourg, Naouel Moha École de Technologie Supérieure (ETS), Kevin Allix CentraleSupelec Rennes, Jacques Klein University of Luxembourg, Li Li Beihang University, Yves Le Traon University of Luxembourg, Luxembourg
16:52
15m
Talk
CoLeFunDa: Explainable Silent Vulnerability Fix Identification
Technical Track
Jiayuan Zhou Huawei, Michael Pacheco Centre for Software Excellence, Huawei, Jinfu Chen Centre for Software Excellence, Huawei, Canada, Xing Hu Zhejiang University, Xin Xia Huawei, David Lo Singapore Management University, Ahmed E. Hassan Queen’s University