PROMISE 2025
Thu 26 Jun 2025 Trondheim, Norway
co-located with FSE 2025
FSE 2025 (series) / PROMISE 2025 (series) / PROMISE 2025 /

Security Bug Report Prediction Within and Across Projects: A Comparative Study of BERT and Random Forest

Farnaz Soltaniani, Mohammad Ghafari, Mohammed Sayagh
PROMISE 2025
Thu 26 Jun 2025 17:01 - 17:15 at Vega - Session 3 Chair(s): Yinxi Liu

Early detection of security bug reports (SBRs) is crucial for preventing vulnerabilities and ensuring system reliability. While machine learning models have been developed for SBR prediction, their predictive performance still has room for improvement. In this study, we conduct a comprehensive comparison between BERT and Random Forest (RF), a competitive baseline for predicting SBRs. The results show that RF outperforms BERT with a 34% higher average G-measure for within-project predictions. Adding only SBRs from various projects improves both models’ average performance. However, including both security and nonsecurity bug reports significantly reduces RF’s average performance to 46%, while boosts BERT to its best average performance of 66%, surpassing RF. In cross-project SBR prediction, BERT achieves a remarkable 62% G-measure, which is substantially higher than RF.

small-avatar
Farnaz Soltaniani
TU Clausthal
Mohammad Ghafari
Mohammad Ghafari
TU Clausthal
Germany
Mohammed Sayagh
Mohammed Sayagh
ETS Montreal, University of Quebec
Canada

Thu 26 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

16:00 - 18:00
Session 3PROMISE 2025 at Vega
Chair(s): Yinxi Liu Rochester Institute of Technology
16:00
15m
Talk
Leveraging LLM Enhanced Commit Messages to Improve Machine Learning Based Test Case Prioritization
PROMISE 2025
Yara Q Mahmoud Ontario Tech University, Akramul Azim Ontario Tech University, Ramiro Liscano Ontario Tech University, Kevin Smith International Business Machines Corporation (IBM), Yee-Kang Chang International Business Machines Corporation (IBM), Gkerta Seferi International Business Machines Corporation (IBM), Qasim Tauseef International Business Machines Corporation (IBM)
16:16
14m
Talk
Designing and Optimizing Alignment Datasets for IoT Security: A Synergistic Approach with Static Analysis Insights
PROMISE 2025
Ahmad Al-Zuraiqi Queen's University Belfast, Desmond Greer Queens University 
16:31
14m
Talk
Efficient Adaptation of Large Language Models for Smart Contract Vulnerability Detection
PROMISE 2025
Fadul Sikder Department of Computer Science and Engineering, The University of Texas at Arlington, Jeff Yu Lei University of Texas at Arlington, Yuede Ji Department of Computer Science and Engineering, The University of Texas at Arlington
16:46
14m
Talk
A Combined Approach to Performance Regression Testing Resource Usage Reduction
PROMISE 2025
Milad Abdullah Charles University, David Georg Reichelt Lancaster University Leipzig, Leipzig, Germany, Vojtech Horky Charles University, Lubomír Bulej Charles University, Tomas Bures Charles University, Czech Republic, Petr Tuma Charles University
17:01
14m
Talk
Security Bug Report Prediction Within and Across Projects: A Comparative Study of BERT and Random Forest
PROMISE 2025
Farnaz Soltaniani TU Clausthal, Mohammad Ghafari TU Clausthal, Mohammed Sayagh ETS Montreal, University of Quebec
17:16
9m
Talk
Towards Build Optimization Using Digital Twins
PROMISE 2025
Henri Aïdasso École de technologie supérieure (ÉTS), Francis Bordeleau École de Technologie Supérieure (ETS), Ali Tizghadam TELUS
17:26
4m
Day closing
Closing
PROMISE 2025


Information for Participants
Thu 26 Jun 2025 16:00 - 18:00 at Vega - Session 3 Chair(s): Yinxi Liu
Info for room Vega:

Vega is close to the registration desk.

Facing the registration desk, its entrance is on the left, close to the hotel side entrance.