
Mozilla_Firefox_Vulnerability_Data

Dataset of known vulnerabilities in the Mozilla Firefox project.

Cite as:

@article{yu2018improving,
  title={Improving Vulnerability Inspection Efficiency Using Active Learning},
  author={Yu, Zhe and Theisen, Christopher and Williams, Laurie and Menzies, Tim},
  journal={arXiv preprint arXiv:1803.06545},
  year={2018}
}

Dependent Variable:

Each row in vulnerabilities.csv relates to a bug report that human reviewers classified as security vulnerability-related.

Mapping from the vulnerability types in vulnerabilities.csv to the categories in the paper:

{
  'arbitrary-code': 'Protection Mechanism Failure',
  'injection': 'Protection Mechanism Failure',
  'Code - Security Features - Protection Mechanism Failure': 'Protection Mechanism Failure',
  'cross-site-scripting': 'Protection Mechanism Failure',
  'Code - Resource Management Error - Improper Resource Shutdown or Release': 'Resource Management Errors',
  'data-leakage': 'Resource Management Errors',
  'use-after-free': 'Resource Management Errors',
  'Code - Resource Management Error - Uncontrolled Resource Consumption': 'Resource Management Errors',
  'Code - Resource Management Error': 'Resource Management Errors',
  'spoofing': 'Resource Management Errors',
  'Code - Resource Management Error - Use After Free': 'Resource Management Errors',
  'denial-of-service': 'Resource Management Errors',
  'Code - Data Processing': 'Data Processing Errors',
  'memory-corruption': 'Data Processing Errors',
  'buffer-overflow': 'Data Processing Errors',
  'exploitable-crash': 'Data Processing Errors',
  'Code - Code Quality': 'Code Quality',
  'Configuration': 'Other',
  'Environment': 'Other',
  'Code - Traversal - Link Following': 'Other',
  'Code - Time and State - Race Conditions': 'Other',
  'privilege-escalation': 'Other',
  'Code - Traversal': 'Other',
  '?': 'Other'
}

Independent Variables:

Source code files

The snapshot was taken from the main branch on Mercurial on November 21st, 2017.

Software metrics

software_metrics.csv

Crash counts

crashes.csv

Combined Data:

Each row in the Combined data has the crash counts, software metrics, and source code of a file as independent variables and the categories of vulnerabilities the file contains as the dependent variable. This data alone is sufficient to reproduce the result of the paper.
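How the per-file dependent variable can be derived from the type mapping above, as an added example that is not code from this repository. The column names `file` and `type`, the file paths, and the `sandbox-escape` label are assumptions constructed for illustration, not the actual schema or contents of vulnerabilities.csv.

```python
from collections import defaultdict

# Mapping from the page, grouped here by paper category for readability.
PAPER_CATEGORIES = {
    "Protection Mechanism Failure": [
        "arbitrary-code", "injection", "cross-site-scripting",
        "Code - Security Features - Protection Mechanism Failure"],
    "Resource Management Errors": [
        "data-leakage", "use-after-free", "spoofing", "denial-of-service",
        "Code - Resource Management Error",
        "Code - Resource Management Error - Improper Resource Shutdown or Release",
        "Code - Resource Management Error - Uncontrolled Resource Consumption",
        "Code - Resource Management Error - Use After Free"],
    "Data Processing Errors": [
        "Code - Data Processing", "memory-corruption", "buffer-overflow",
        "exploitable-crash"],
    "Code Quality": ["Code - Code Quality"],
    "Other": [
        "Configuration", "Environment", "privilege-escalation", "?",
        "Code - Traversal", "Code - Traversal - Link Following",
        "Code - Time and State - Race Conditions"],
}
TYPE_TO_CATEGORY = {t: c for c, ts in PAPER_CATEGORIES.items() for t in ts}


def label_files(vuln_rows, all_files):
    """Return ({file: sorted paper categories}, set of unmapped raw types).

    Files without any vulnerability row get an empty list (negative class).
    """
    labels = defaultdict(set)
    unmapped = set()
    for row in vuln_rows:
        vtype = row["type"].strip()           # tolerate stray whitespace
        category = TYPE_TO_CATEGORY.get(vtype)
        if category is None:
            unmapped.add(vtype)               # report it, do not guess a category
            continue
        labels[row["file"]].add(category)
    return {f: sorted(labels.get(f, ())) for f in all_files}, unmapped


# Constructed sample rows; "file" and "type" are assumed column names.
VULN_ROWS = [
    {"file": "example/a.cpp", "type": "use-after-free"},
    {"file": "example/a.cpp", "type": "buffer-overflow"},
    {"file": "example/a.cpp", "type": "denial-of-service"},
    {"file": "example/b.cpp", "type": "cross-site-scripting "},
    {"file": "example/b.cpp", "type": "sandbox-escape"},  # not in the mapping
]
ALL_FILES = ["example/a.cpp", "example/b.cpp", "example/c.cpp"]
```
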
