A comprehensive analysis on software vulnerability detection datasets: trends, challenges, and road ahead

Guo Y; Bettaieb S; Casino F

Belongs to PC:SerieArticles collection

TITLE:

A comprehensive analysis on software vulnerability detection datasets: trends, challenges, and road ahead - imarina:9378601

Handle:

https://hdl.handle.net/20.500.11797/imarina9378601

URV's Author/s:	Casino Cembellín, Francisco José
Author, as appears in the article.:	Guo Y; Bettaieb S; Casino F
Author's mail:	franciscojose.casino@urv.cat
Author identifier:	0000-0003-4296-2876
Journal publication year:	2024
Publication Type:	Journal Publications
APA:	Guo Y; Bettaieb S; Casino F (2024). A comprehensive analysis on software vulnerability detection datasets: trends, challenges, and road ahead. International Journal Of Information Security, 23(5), 3311-3327. DOI: 10.1007/s10207-024-00888-y
Paper original source:	International Journal Of Information Security. 23 (5): 3311-3327
Abstract:	As society's dependence on information and communication systems (ICTs) grows, so does the necessity of guaranteeing the proper functioning and use of such systems. In this context, it is critical to enhance the security and robustness of the DevSecOps pipeline through timely vulnerability detection. Usually, AI-based models enable desirable features such as automation, performance, and efficacy. However, the quality of such models highly depends on the datasets used during the training stage. The latter encompasses a series of challenges yet to be solved, such as access to extensive labelled datasets with specific properties, such as well-represented and balanced samples. This article explores the current state of practice of software vulnerability datasets and provides a classification of the main challenges and issues. After an extensive analysis, it describes a set of guidelines and desirable features that datasets should guarantee. The latter is applied to create a new dataset, which fulfils these properties, along with a descriptive comparison with the state of the art. Finally, a discussion on how to foster good practices among researchers and practitioners sets the ground for further research and continued improvement within this critical domain.
Article's DOI:	10.1007/s10207-024-00888-y
Link to the original source:	https://link.springer.com/article/10.1007/s10207-024-00888-y
Paper version:	info:eu-repo/semantics/publishedVersion
licence for use:	https://creativecommons.org/licenses/by/3.0/es/
Department:	Enginyeria Informàtica i Matemàtiques
Licence document URL:	https://repositori.urv.cat/ca/proteccio-de-dades/
Thematic Areas:	Ciência da computação Computer networks and communications Computer science, information systems Computer science, software engineering Computer science, theory & methods Engenharias iv Information systems Matemática / probabilidade e estatística Safety, risk, reliability and quality Software
Keywords:	Benchmarking Datasets Devsecop Devsecops Software vulnerability detection
Entity:	Universitat Rovira i Virgili
Record's date:	2025-02-24

Description:	As society's dependence on information and communication systems (ICTs) grows, so does the necessity of guaranteeing the proper functioning and use of such systems. In this context, it is critical to enhance the security and robustness of the DevSecOps pipeline through timely vulnerability detection. Usually, AI-based models enable desirable features such as automation, performance, and efficacy. However, the quality of such models highly depends on the datasets used during the training stage. The latter encompasses a series of challenges yet to be solved, such as access to extensive labelled datasets with specific properties, such as well-represented and balanced samples. This article explores the current state of practice of software vulnerability datasets and provides a classification of the main challenges and issues. After an extensive analysis, it describes a set of guidelines and desirable features that datasets should guarantee. The latter is applied to create a new dataset, which fulfils these properties, along with a descriptive comparison with the state of the art. Finally, a discussion on how to foster good practices among researchers and practitioners sets the ground for further research and continued improvement within this critical domain.
Title:	A comprehensive analysis on software vulnerability detection datasets: trends, challenges, and road ahead
Type:	Journal Publications info:eu-repo/semantics/publishedVersion
Contributor:	Enginyeria Informàtica i Matemàtiques Universitat Rovira i Virgili
Subject:	Computer Networks and Communications,Computer Science, Information Systems,Computer Science, Software Engineering,Computer Science, Theory & Methods,Information Systems,Safety, Risk, Reliability and Quality,Software Benchmarking Datasets Devsecop Devsecops Software vulnerability detection Ciência da computação Computer networks and communications Computer science, information systems Computer science, software engineering Computer science, theory & methods Engenharias iv Information systems Matemática / probabilidade e estatística Safety, risk, reliability and quality Software
Date:	2024
Language:	en
Creator:	Guo Y Bettaieb S Casino F
Rights:	info:eu-repo/semantics/openAccess

Search your record at:

Available files
File	Description	Format
DocumentPrincipal	DocumentPrincipal	application/pdf

All objects of this collection

Information