VulinOSS: A dataset of security vulnerabilities in open-source systems

Antonios Gkortzis; Dimitris Mitropoulos; Diomidis Spinellis

doi:10.1145/3196398.3196454

VulinOSS: A dataset of security vulnerabilities in open-source systems

Antonios Gkortzis, Dimitris Mitropoulos, Diomidis Spinellis

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

45 Citations (Scopus)

Abstract

Examining the different characteristics of open-source software in relation to security vulnerabilities, can provide the research community with findings that can lead to the development of more secure systems. We present a dataset where the reported vulnerabilities of 8694 open-source project versions, can be correlated with the corresponding source code and a number of software metrics. The metrics were obtained by analyzing the project's source code via well-established tools. Apart from commonly used metrics (e.g. loc), we also provide data related to modern development trends such as continuous integration and testing. We outline motivational examples based on the dataset we describe.

Original language	English
Title of host publication	Proceedings - 2018 ACM/IEEE 15th International Conference on Mining Software Repositories, MSR 2018
Publisher	IEEE
Pages	18-21
Number of pages	4
ISBN (Print)	9781450357166
DOIs	https://doi.org/10.1145/3196398.3196454
Publication status	Published - 28 May 2018
Externally published	Yes
Event	15th ACM/IEEE International Conference on Mining Software Repositories, MSR 2018, co-located with the 40th International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden Duration: 28 May 2018 → 29 May 2018

Publication series

Name	Proceedings - International Conference on Software Engineering
ISSN (Print)	0270-5257

Conference

Conference	15th ACM/IEEE International Conference on Mining Software Repositories, MSR 2018, co-located with the 40th International Conference on Software Engineering, ICSE 2018
Country/Territory	Sweden
City	Gothenburg
Period	28/05/18 → 29/05/18

Keywords

continuous integration
open-source software
security vulnerabilities
testing

Access to Document

10.1145/3196398.3196454

Cite this

@inproceedings{985e9900f04d4a0cb747fa46e47e6d93,

title = "VulinOSS: A dataset of security vulnerabilities in open-source systems",

abstract = "Examining the different characteristics of open-source software in relation to security vulnerabilities, can provide the research community with findings that can lead to the development of more secure systems. We present a dataset where the reported vulnerabilities of 8694 open-source project versions, can be correlated with the corresponding source code and a number of software metrics. The metrics were obtained by analyzing the project's source code via well-established tools. Apart from commonly used metrics (e.g. loc), we also provide data related to modern development trends such as continuous integration and testing. We outline motivational examples based on the dataset we describe.",

keywords = "continuous integration, open-source software, security vulnerabilities, testing",

author = "Antonios Gkortzis and Dimitris Mitropoulos and Diomidis Spinellis",

year = "2018",

month = may,

day = "28",

doi = "10.1145/3196398.3196454",

language = "English",

isbn = "9781450357166",

series = "Proceedings - International Conference on Software Engineering",

publisher = "IEEE",

pages = "18--21",

booktitle = "Proceedings - 2018 ACM/IEEE 15th International Conference on Mining Software Repositories, MSR 2018",

address = "United States",

note = "15th ACM/IEEE International Conference on Mining Software Repositories, MSR 2018, co-located with the 40th International Conference on Software Engineering, ICSE 2018 ; Conference date: 28-05-2018 Through 29-05-2018",

}

Gkortzis, A, Mitropoulos, D & Spinellis, D 2018, VulinOSS: A dataset of security vulnerabilities in open-source systems. in Proceedings - 2018 ACM/IEEE 15th International Conference on Mining Software Repositories, MSR 2018. Proceedings - International Conference on Software Engineering, IEEE, pp. 18-21, 15th ACM/IEEE International Conference on Mining Software Repositories, MSR 2018, co-located with the 40th International Conference on Software Engineering, ICSE 2018, Gothenburg, Sweden, 28/05/18. https://doi.org/10.1145/3196398.3196454

VulinOSS: A dataset of security vulnerabilities in open-source systems. / Gkortzis, Antonios; Mitropoulos, Dimitris; Spinellis, Diomidis.
Proceedings - 2018 ACM/IEEE 15th International Conference on Mining Software Repositories, MSR 2018. IEEE, 2018. p. 18-21 (Proceedings - International Conference on Software Engineering).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - VulinOSS

T2 - 15th ACM/IEEE International Conference on Mining Software Repositories, MSR 2018, co-located with the 40th International Conference on Software Engineering, ICSE 2018

AU - Gkortzis, Antonios

AU - Mitropoulos, Dimitris

AU - Spinellis, Diomidis

PY - 2018/5/28

Y1 - 2018/5/28

N2 - Examining the different characteristics of open-source software in relation to security vulnerabilities, can provide the research community with findings that can lead to the development of more secure systems. We present a dataset where the reported vulnerabilities of 8694 open-source project versions, can be correlated with the corresponding source code and a number of software metrics. The metrics were obtained by analyzing the project's source code via well-established tools. Apart from commonly used metrics (e.g. loc), we also provide data related to modern development trends such as continuous integration and testing. We outline motivational examples based on the dataset we describe.

AB - Examining the different characteristics of open-source software in relation to security vulnerabilities, can provide the research community with findings that can lead to the development of more secure systems. We present a dataset where the reported vulnerabilities of 8694 open-source project versions, can be correlated with the corresponding source code and a number of software metrics. The metrics were obtained by analyzing the project's source code via well-established tools. Apart from commonly used metrics (e.g. loc), we also provide data related to modern development trends such as continuous integration and testing. We outline motivational examples based on the dataset we describe.

KW - continuous integration

KW - open-source software

KW - security vulnerabilities

KW - testing

UR - http://www.scopus.com/inward/record.url?scp=85051665375&partnerID=8YFLogxK

U2 - 10.1145/3196398.3196454

DO - 10.1145/3196398.3196454

M3 - Conference contribution

AN - SCOPUS:85051665375

SN - 9781450357166

T3 - Proceedings - International Conference on Software Engineering

SP - 18

EP - 21

BT - Proceedings - 2018 ACM/IEEE 15th International Conference on Mining Software Repositories, MSR 2018

PB - IEEE

Y2 - 28 May 2018 through 29 May 2018

ER -

VulinOSS: A dataset of security vulnerabilities in open-source systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this