MSR 2022
Mon 23 - Tue 24 May 2022
co-located with ICSE 2022
Thu 19 May 2022 21:00 - 21:07 at MSR Main room - odd hours - Session 13: Security & Quality Chair(s): Gias Uddin

Many studies have developed Machine Learning (ML) approaches to detect Software Vulnerabilities (SVs) in functions and the fine-grained code statements that cause such SVs. However, there is little work on leveraging such detection outputs for data-driven SV assessment to give information about the exploitability, impact, and severity of SVs. This information is important for understanding SVs and prioritizing their fixing. Using large-scale data from 1,782 functions of 429 SVs in 200 real-world projects, we investigate ML models for automating function-level SV assessment tasks, i.e., predicting seven Common Vulnerability Scoring System (CVSS) metrics. We particularly study the value and use of vulnerable statements as inputs for developing the assessment models because SVs in functions originate in these statements. We show that vulnerable statements are 5.8 times smaller in size, yet exhibit 7.5-114.5% stronger assessment performance (Matthews Correlation Coefficient (MCC)) than non-vulnerable statements. Incorporating the context of vulnerable statements further increases the performance by up to 8.9% (0.64 MCC and 0.75 F1-Score). Overall, we provide the initial yet promising ML-based baselines for function-level SV assessment, paving the way for further research in this direction.

Thu 19 May

Displayed time zone: Eastern Time (US & Canada)

21:00 - 21:50
Session 13: Security & Quality
Technical Papers / Data and Tool Showcase Track / Registered Reports / Industry Track at MSR Main room - odd hours
Chair(s): Gias Uddin University of Calgary, Canada
21:00
7m
Talk
On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models
Technical Papers
Triet Le Huynh Minh The University of Adelaide, Muhammad Ali Babar University of Adelaide
Pre-print
21:07
7m
Talk
LineVD: Statement-level Vulnerability Detection using Graph Neural Networks
Technical Papers
David Hin The University of Adelaide, Andrey Kan The University of Adelaide, Huaming Chen The University of Adelaide, Muhammad Ali Babar University of Adelaide
21:14
7m
Talk
LineVul: A Transformer-based Line-Level Vulnerability Prediction
Technical Papers
Michael Fu Monash University, Chakkrit Tantithamthavorn Monash University
Pre-print
21:21
4m
Talk
ECench: An Energy Bug Benchmark of Ethereum Client Software
Data and Tool Showcase Track
Jinyoung Kim Sungkyunkwan University, Misoo Kim Sungkyunkwan University, Eunseok Lee Sungkyunkwan University
21:25
7m
Talk
Microsoft CloudMine: Data Mining for the Executive Order on Improving the Nation’s Cybersecurity
Industry Track
Kim Herzig Tools for Software Engineers, Microsoft, Luke Gostling Microsoft Corporation, Maximilian Grothusmann Microsoft Corporation, Nora Huang Microsoft Corporation, Sascha Just Microsoft, Alan Klimowski Microsoft Corporation, Yashasvini Ramkumar Microsoft Corporation, Myles McLeroy Microsoft Corporation, Kıvanç Muşlu Microsoft, Hitesh Sajnani Microsoft, Varsha Vadaga Microsoft Corporation
21:32
4m
Talk
Evaluating few shot and Contrastive learning Methods for Code Clone Detection
Registered Reports
Mohamad Khajezade University of British Columbia, Fatemeh Hendijani Fard University of British Columbia, Mohamed S Shehata University of British Columbia
Pre-print
21:36
14m
Live Q&A
Discussions and Q&A
Technical Papers


Information for Participants
Thu 19 May 2022 21:00 - 21:50 at MSR Main room - odd hours - Session 13: Security & Quality Chair(s): Gias Uddin