English

Tracking Patches for Open Source Software Vulnerabilities

Software Engineering 2023-10-03 v2 Cryptography and Security

Abstract

Open source software (OSS) vulnerabilities threaten the security of software systems that use OSS. Vulnerability databases provide valuable information (e.g., vulnerable version and patch) to mitigate OSS vulnerabilities. There arises a growing concern about the information quality of vulnerability databases. However, it is unclear what the quality of patches in existing vulnerability databases is; and existing manual or heuristic-based approaches for patch tracking are either too expensive or too specific to apply to all OSS vulnerabilities.

Keywords

Cite

@article{arxiv.2112.02240,
  title  = {Tracking Patches for Open Source Software Vulnerabilities},
  author = {Congying Xu and Bihuan Chen and Chenhao Lu and Kaifeng Huang and Xin Peng and Yang Liu},
  journal= {arXiv preprint arXiv:2112.02240},
  year   = {2023}
}

Comments

Accepted to the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)

R2 v1 2026-06-24T08:03:58.355Z