ICSE 2020
Wed 24 June - Thu 16 July 2020
Wed 8 Jul 2020 15:00 - 15:08 at Goguryeo - A8-Machine Learning and Models Chair(s): Liliana Pasquale

Software engineers can find vulnerabilities with less effort if they are directed towards code that might contain more vulnerabilities. HARMLESS is an incremental support vector machine tool that builds a vulnerability prediction model from the source code inspected to date, then suggests which source code files should be inspected next. In this way, HARMLESS can reduce the time and effort required to achieve some desired level of recall for finding vulnerabilities. The tool also provides feedback on when to stop (at that desired level of recall) while, at the same time, correcting human errors by double-checking suspicious files.

This paper evaluates HARMLESS on Mozilla Firefox vulnerability data. HARMLESS found 80, 90, 95, 99% of the vulnerabilities by inspecting 10, 16, 20, 34% of the source code files, respectively. When targeting 90, 95, 99% recall, HARMLESS could stop after inspecting 23, 30, 47% of the source code files, respectively. Even when human reviewers fail to identify half of the vulnerabilities (50% false negative rate), HARMLESS could detect 96% of the missing vulnerabilities by double-checking half of the inspected files.

Wed 8 Jul
15:00 - 16:00: Paper Presentations - A8-Machine Learning and Models at Goguryeo
Chair(s): Liliana Pasquale (University College Dublin & Lero)
icse-2020-Journal-First, 15:00 - 15:08
Zhe Yu (North Carolina State University), Chris Theisen (Microsoft), Laurie Williams (North Carolina State University), Tim Menzies (North Carolina State University)