VFCFinder: Seamlessly Pairing Security Advisories and Patches. (arXiv:2311.01532v1 [cs.CR])
cs.CR updates on arXiv.org
Security advisories are the primary channel of communication for discovered
vulnerabilities in open-source software, but they often lack crucial
information. Specifically, 63% of vulnerability database reports are missing
their patch links, also referred to as vulnerability fixing commits (VFCs).
This paper introduces VFCFinder, a tool that generates the top-five ranked set
of VFCs for a given security advisory using Natural Language-Programming
Language (NL-PL) models. VFCFinder yields a 96.6% recall for finding the
correct VFC within the Top-5 commits, and …