MSR 2020
Mon 29 - Tue 30 June 2020
co-located with ICSE 2020
Tue 30 Jun 2020 11:36 - 11:48 at MSR:Zoom2 - Security Chair(s): Dimitris Mitropoulos

In this paper, we collected a C/C++ code vulnerability dataset from open-source projects. We crawled the public Common Vulnerabilities and Exposures (CVE) database and CVE-related code repositories. From the CVE database, we collected the descriptive information of the vulnerabilities, e.g., CVE IDs, CVE severity scores, and CVE summaries. With the CVE information and its related published Git code repository links, we downloaded all of the code repositories and extract vulnerability related code changes. In total, our dataset contains 3754 code vulnerabilities spanning 91 different vulnerability types. All these code vulnerabilities are extracted from 348 Git projects. All this information has been stored in CSV format with clear structure. The code changes and CVE descriptive information were mapped to each other so that the dataset could be used for many research areas, e.g., vulnerability detection and vulnerability fixing patches identification.

Conference Day
Tue 30 Jun

Displayed time zone: (UTC) Coordinated Universal Time change

11:00 - 12:00
SecurityData Showcase / Technical Papers at MSR:Zoom2
Chair(s): Dimitris MitropoulosAthens University of Economics and Business

Q/A & Discussion of Session Papers over Zoom (Joining info available on Slack)

11:00
12m
Live Q&A
Did You Remember To Test Your Tokens?MSR - Technical Paper
Technical Papers
Danielle GonzalezRochester Institute of Technology, USA, Michael RathTechnische Universit├Ąt Ilmenau, Mehdi MirakhorliRochester Institute of Technology
DOI Pre-print Media Attached
11:12
12m
Live Q&A
Automatically Granted Permissions in Android appsMSR - Technical Paper
Technical Papers
Paolo Calciati IMDEA Software Institute, Konstantin KuznetsovSaarland University, CISPA, Alessandra GorlaIMDEA Software Institute, Andreas ZellerCISPA Helmholtz Center for Information Security
Media Attached
11:24
12m
Live Q&A
PUMiner: Mining Security Posts from Developer Question and Answer Websites with PU LearningMSR - Technical Paper
Technical Papers
Triet Le Huynh MinhThe University of Adelaide, David Hin, Roland Croft, Muhammad Ali BabarThe University of Adelaide
DOI Pre-print Media Attached
11:36
12m
Live Q&A
A C/C++ Code Vulnerability Dataset with Code Changes and CVE SummariesMSR - Data Showcase
Data Showcase
A: Jiahao FanNew Jersey Institute of Technology, USA, A: Yi LiNew Jersey Institute of Technology, USA, A: Shaohua WangNew Jersey Institute of Technology, USA, A: Tien N. NguyenUniversity of Texas at Dallas
Media Attached
11:48
12m
Live Q&A
The Impact of a Major Security Event on an Open Source Project: The Case of OpenSSLMSR - Technical Paper
Technical Papers
James WaldenNorthern Kentucky University
Pre-print Media Attached