Multi-Granularity Detector for Vulnerability Fixes. (arXiv:2305.13884v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
With the increasing reliance on Open Source Software, users are exposed to
third-party library vulnerabilities. Software Composition Analysis (SCA) tools
have been created to alert users to such vulnerabilities. SCA requires the
identification of vulnerability-fixing commits. Prior work has proposed
methods that automatically identify such vulnerability-fixing commits.
However, identifying such commits is highly challenging, as only a very small
minority of commits are vulnerability-fixing. Moreover, code changes can be
noisy and difficult to analyze. We observe that noise …
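To make the "multi-granularity" idea concrete, here is an added example that is not code from the paper or its authors (the excerpt above does not describe their model). It splits a constructed unified diff into commit, file and hunk units, scores each unit with an assumed keyword heuristic that stands in for a learned classifier, and compares the per-hunk peak with a flat score computed over every added line of the commit. The diff, the `FIX_PATTERNS` vocabulary and the `threshold` value are all constructed for illustration; the point it shows is that a real fix hunk can be diluted to the point of being missed when noisy hunks are pooled with it, and survives when scored at hunk granularity.

```python
"""Multi-granularity scoring of a commit diff: commit > file > hunk.

Added illustration only; the keyword heuristic is an assumed stand-in for the
learned classifier a real vulnerability-fix detector would use.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample commit: one bounds-check fix buried among two unrelated
# "noise" hunks (a comment tidy-up and a version bump in the README).
SAMPLE_DIFF = """\
diff --git a/lib/auth.c b/lib/auth.c
--- a/lib/auth.c
+++ b/lib/auth.c
@@ -10,5 +10,7 @@ int check_token(const char *tok, size_t n)
 {
     char buf[64];
+    if (n > sizeof(buf))
+        return -1;            /* bounds check */
     memcpy(buf, tok, n);
     return validate(buf, n);
 }
@@ -40,3 +42,3 @@ static void log_attempt(void)
-    // TODO: tidy
+    /* tidy */
     counter++;
 }
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,2 +1,2 @@
-# libfoo 1.2
+# libfoo 1.3
 A small library.
"""

# Assumed heuristic vocabulary: tokens that often show up in added lines of a
# memory-safety or input-validation fix. Chosen for illustration, not learned.
FIX_PATTERNS = [re.compile(p) for p in (
    r"\bsizeof\b", r"\bbounds?\b", r"overflow", r"sanitiz", r"validat",
    r"\bescape", r"\bNULL\b", r"\bstrnlen\b", r"\breturn\s+-1\b",
)]


@dataclass
class Hunk:
    header: str
    added: list[str] = field(default_factory=list)
    removed: list[str] = field(default_factory=list)


@dataclass
class FileChange:
    path: str
    hunks: list[Hunk] = field(default_factory=list)


def parse_diff(text: str) -> list[FileChange]:
    """Split a unified diff into files and hunks, keeping +/- lines per hunk."""
    files: list[FileChange] = []
    cur_file: FileChange | None = None
    cur_hunk: Hunk | None = None
    for line in text.splitlines():
        if line.startswith("diff --git "):
            path = line.split()[-1]               # take the b/ side
            cur_file = FileChange(path[2:] if path.startswith("b/") else path)
            files.append(cur_file)
            cur_hunk = None
        elif line.startswith("@@") and cur_file is not None:
            cur_hunk = Hunk(header=line)
            cur_file.hunks.append(cur_hunk)
        elif cur_hunk is None:
            continue                              # ---/+++/index headers
        elif line.startswith("+"):
            cur_hunk.added.append(line[1:])
        elif line.startswith("-"):
            cur_hunk.removed.append(line[1:])
    return files


def _matches(src: str) -> bool:
    return any(p.search(src) for p in FIX_PATTERNS)


def hunk_score(h: Hunk) -> float:
    """Fraction of a hunk's added lines that look like fix code (0 if none added)."""
    return sum(_matches(l) for l in h.added) / len(h.added) if h.added else 0.0


def file_score(f: FileChange) -> float:
    """File granularity: the strongest hunk in the file decides."""
    return max((hunk_score(h) for h in f.hunks), default=0.0)


def analyze(diff_text: str, threshold: float = 0.6) -> dict:
    """Score the commit at hunk, file and commit granularity, and compare with a
    flat score that pools every added line of the commit into one bag."""
    files = parse_diff(diff_text)
    hunks = [h for f in files for h in f.hunks]
    all_added = [l for h in hunks for l in h.added]
    flat = sum(_matches(l) for l in all_added) / len(all_added) if all_added else 0.0
    multi = max((file_score(f) for f in files), default=0.0)
    noisy = sum(hunk_score(h) < threshold for h in hunks)
    return {
        "hunk_scores": {f.path: [hunk_score(h) for h in f.hunks] for f in files},
        "file_scores": {f.path: file_score(f) for f in files},
        "multi_granularity_score": multi,
        "flat_score": flat,
        "noise_ratio": noisy / len(hunks) if hunks else 0.0,
        "flagged_multi": multi >= threshold,
        "flagged_flat": flat >= threshold,
    }


if __name__ == "__main__":
    for k, v in analyze(SAMPLE_DIFF).items():
        print(f"{k}: {v}")
```

On the constructed commit the fix hunk scores 1.0 at hunk granularity, while pooling all four added lines gives 0.5, so a detector that only looks at the whole commit misses it at a 0.6 threshold; two of the three hunks are noise with respect to the fix. Swapping the keyword heuristic for a trained per-hunk model keeps the same commit/file/hunk aggregation structure.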