This repository contains the replication package for the paper "Featherweight Assisted Vulnerability Discovery", David Binkley, Leon Moonen, Sibren Isaacman, Information and Software Technology, 2022, 106844, ISSN 0950-5849, DOI: 10.1016/j.infsof.2022.106844. https://www.sciencedirect.com/science/article/pii/S0950584922000209.
The replication package is archived on Zenodo with DOI: 10.5281/zenodo.5957264. The source code is distributed under the MIT license; the data is distributed under the CC BY 4.0 license.
The overall process consists of three steps, organized as three directories:
- gathering of the labeled function names that are used as the source for step 2, in `names`
- dangerous word identification, in `dangerous-words`
- analysis of the data gathered during step 2, in `analysis`
The directory `Model` holds a copy of the pre-trained LAVDNN model as provided by the authors at https://github.com/StablelJay/LAVDNN/raw/master/Model/model_of_LAVDNN
The following tools are required for the replication:
- python >= 3.5
- R
- tcsh
- csvcut from csvkit
- cntk as keras backend for running the LAVDNN model
In addition, the following python packages are needed
Finally, for the analysis in step 3, the following R libraries are needed:
- agricolae, ggplot2, reshape2, xtable
If you build on this data or code, please cite this work by referring to the paper:
```bibtex
@article{binkley2022:featherweight,
  title = {Featherweight assisted vulnerability discovery},
  author = {David Binkley and Leon Moonen and Sibren Isaacman},
  journal = {Information and Software Technology},
  pages = {106844},
  year = {2022},
  issn = {0950-5849},
  doi = {https://doi.org/10.1016/j.infsof.2022.106844},
  url = {https://www.sciencedirect.com/science/article/pii/S0950584922000209},
  copyright = {Open Access},
  publisher = {Elsevier},
}
```
Part of this work has been financially supported by the Research Council of Norway through the secureIT project (RCN contract #288787).