1 code implementation • 7 May 2021 • Therese Fehrer, Rocío Cabrera Lozoya, Antonino Sabetta, Dario Di Nucci, Damian A. Tamburri
The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS dependencies.
2 code implementations • 24 Mar 2021 • Daan Hommersom, Antonino Sabetta, Bonaventura Coppola, Dario Di Nucci, Damian A. Tamburri
When considering the top-10 commits in the ranked results, our implementation could successfully identify at least one fix commit for up to 84.03% of the vulnerabilities (with a fix commit on the first position for 65.06% of the vulnerabilities).
no code implementations • 18 Nov 2019 • Rocío Cabrera Lozoya, Arnaud Baumann, Antonino Sabetta, Michele Bezzi
In this work, we elaborate upon a state-of-the-art approach to the representation of source code that uses information about its syntactic structure, and we adapt it to represent source changes (i.e., commits).
no code implementations • 15 Nov 2019 • Achyudh Ram, Ji Xin, Meiyappan Nagappan, Yao-Liang Yu, Rocío Cabrera Lozoya, Antonino Sabetta, Jimmy Lin
Public vulnerability databases such as CVE and NVD account for only 60% of security vulnerabilities present in open-source projects, and are known to suffer from inconsistent quality.
3 code implementations • 7 Feb 2019 • Serena E. Ponta, Henrik Plate, Antonino Sabetta, Michele Bezzi, Cédric Dangremont
While operating a vulnerability assessment tool that we developed and that is currently used by hundreds of development units at SAP, we manually collected and curated a dataset of vulnerabilities of open-source software and the commits fixing them.
3 code implementations • 15 Jun 2018 • Serena E. Ponta, Henrik Plate, Antonino Sabetta
The use of open-source software (OSS) is ever-increasing, and so is the number of open-source vulnerabilities being discovered and publicly disclosed.
Cryptography and Security • Software Engineering
3 code implementations • 20 Apr 2015 • Henrik Plate, Serena Elisa Ponta, Antonino Sabetta
Software applications integrate more and more open-source software (OSS) to benefit from code reuse.
Cryptography and Security • Software Engineering