Abstract
Security bugs are critical programming errors that can lead to serious vulnerabilities in software. Examining their behaviour and characteristics within a software ecosystem can provide the research community with data regarding their evolution, persistence and others. We present a dataset that we produced by applying static analysis to the Maven Central Repository (approximately 265GB of data) in order to detect potential security bugs. For our analysis we used FindBugs, a tool that examines Java bytecode to detect numerous types of bugs. The dataset contains the metrics’ results that FindBugs reports for every project version (a JAR) included in the ecosystem. For every version in our data repository, we also store specific metadata, such as the JAR’s size, its dependencies and others. Our dataset can be used to produce interesting research results involving security bugs, as we show in specific examples.
Original language | English |
---|---|
Title of host publication | Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014 |
Pages | 69-74 |
Number of pages | 6 |
DOIs | |
Publication status | Published - 1 Apr 2016 |
Event | 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - Wroclaw, Poland Duration: 11 Sept 2014 → 11 Sept 2014 Conference number: 3 |
Conference
Conference | 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security |
---|---|
Abbreviated title | BADGERS 2014 |
Country/Territory | Poland |
City | Wroclaw |
Period | 11/09/14 → 11/09/14 |
Keywords
- FindBugs
- Maven Repository
- Security Bugs
- Software Ecosystem
- Software Evolution
- Software Security
- Static Analysis