all InfoSec news
On the Use of Fine-grained Vulnerable Code Statements for Software Vulnerability Assessment Models. (arXiv:2203.08417v1 [cs.SE])
cs.CR updates on arXiv.org arxiv.org
Many studies have developed Machine Learning (ML) approaches to detect
Software Vulnerabilities (SVs) in functions and fine-grained code statements
that cause such SVs. However, there is little work on leveraging such detection
outputs for data-driven SV assessment to give information about exploitability,
impact, and severity of SVs. The information is important to understand SVs and
prioritize their fixing. Using large-scale data from 1,782 functions of 429 SVs
in 200 real-world projects, we investigate ML models for automating
function-level SV assessment …
assessment code se software vulnerability vulnerability assessment vulnerable