-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
77 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| cff-version: 1.2.0 | ||
| title: secret_life_of_CVEs | ||
| message: >- | ||
| Please cite this software using the metadata from | ||
| 'preferred-citation'. | ||
| type: software | ||
| authors: | ||
| - given-names: Mikołaj | ||
| family-names: Fejzer | ||
| email: [email protected] | ||
| - given-names: Jakub | ||
| family-names: Narębski | ||
| email: [email protected] | ||
| - given-names: Piotr | ||
| family-names: Przymus | ||
| email: [email protected] | ||
| - given-names: Krzysztof | ||
| family-names: Stencel | ||
| email: [email protected] | ||
| abstract: >- | ||
| This repository contains scripts to process and join data from the World of Code dataset | ||
| (see https://arxiv.org/abs/2010.16196) and CVE (Common Vulnerabilities and Exposures) dataset | ||
| (gathered using the cve-search project), that were used in the "The Secret Life of CVEs" | ||
| paper submission, accepted to MSR 2023 Challenge, and published as DOI:10.1109/MSR59073.2023.00056. | ||
| Results were analyzed with the help of Jupyter Notebooks, available in the 'notebooks/' subdirectory. | ||
| license: MIT | ||
| preferred-citation: | ||
| type: conference-paper | ||
| authors: | ||
| - given-names: Mikołaj | ||
| family-names: Fejzer | ||
| email: [email protected] | ||
| affiliation: >- | ||
| Faculty of Mathematics and Computer Science, | ||
| Nicolaus Copernicus University, Toruń, Poland | ||
| orcid: 'https://orcid.org/0000-0003-1496-2289' | ||
| - given-names: Jakub | ||
| family-names: Narębski | ||
| email: [email protected] | ||
| affiliation: >- | ||
| Faculty of Mathematics and Computer Science, | ||
| Nicolaus Copernicus University, Toruń, Poland | ||
| orcid: 'https://orcid.org/0000-0002-3296-3915' | ||
| - given-names: Piotr | ||
| family-names: Przymus | ||
| email: [email protected] | ||
| affiliation: >- | ||
| Faculty of Mathematics and Computer Science, | ||
| Nicolaus Copernicus University, Toruń, Poland | ||
| orcid: 'https://orcid.org/0000-0001-9548-2388' | ||
| - given-names: Krzysztof | ||
| family-names: Stencel | ||
| email: [email protected] | ||
| affiliation: >- | ||
| Faculty of Mathematics, Informatics and Mechanics, | ||
| University of Warsaw, Warsaw, Poland | ||
| orcid: 'https://orcid.org/0000-0001-6356-4872' | ||
| title: "The Secret Life of CVEs" | ||
| journal: "2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)" | ||
| doi: "10.1109/MSR59073.2023.00056" | ||
| start: 362 # First page number | ||
| end: 366 # Last page number | ||
| year: 2023 | ||
| abstract: >- | ||
| The Common Vulnerabilities and Exposures (CVEs) system is a reference method for documenting | ||
| publicly known information security weaknesses and exposures. This paper presents a study | ||
| of the lifetime of CVEs in software projects and the risk factors affecting their existence. | ||
| The study uses survival analysis to examine how features of programming languages, projects, | ||
| and CVEs themselves impact the lifetime of CVEs. We suggest avenues for future research | ||
| to investigate the effect of various factors on the resolution of vulnerabilities. | ||
| conference: | ||
| name: "2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR)" | ||
| date-start: "2023-05-15" | ||
| date-end: "2023-05-16" | ||
| city: Melbourne | ||
| country: AU |