Identifying Vulnerable Third-Party Libraries from Textual Descriptions of Vulnerabilities and Libraries. (arXiv:2307.08206v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
To address security vulnerabilities arising from third-party libraries,
security researchers maintain databases monitoring and curating vulnerability
reports, e.g., the National Vulnerability Database (NVD). Application
developers can identify vulnerable libraries by directly querying the databases
with the name of each used library. However, the querying results of vulnerable
libraries are not reliable due to the incompleteness of vulnerability reports.
Thus, current approaches model the task of identifying vulnerable libraries as
a named-entity-recognition (NER) task or an extreme multi-label learning (XML)
task. …