all InfoSec news
CHRONOS: Time-Aware Zero-Shot Identification of Libraries from Vulnerability Reports. (arXiv:2301.03944v1 [cs.SE])
cs.CR updates on arXiv.org arxiv.org
Tools that alert developers about library vulnerabilities depend on accurate,
up-to-date vulnerability databases which are maintained by security
researchers. These databases record the libraries related to each
vulnerability. However, the vulnerability reports may not explicitly list every
library and human analysis is required to determine all the relevant libraries.
Human analysis may be slow and expensive, which motivates the need for
automated approaches. Researchers and practitioners have proposed to
automatically identify libraries from vulnerability reports using extreme
multi-label learning (XML). …
alert analysis automated aware databases developers human identification library list may reports researchers security security researchers slow tools up-to-date vulnerabilities vulnerability vulnerability reports