ICSE 2020
Wed 24 June - Thu 16 July 2020
Wed 8 Jul 2020 15:00 - 15:08 at Goguryeo - A8-Machine Learning and Models Chair(s): Liliana Pasquale

Software engineers can find vulnerabilities with less effort if they are directed towards code that might contain more vulnerabilities. HARMLESS is an incremental support vector machine tool that builds a vulnerability prediction model from the source code inspected to date, then suggests which source code files should be inspected next. In this way, HARMLESS can reduce the time and effort required to achieve some desired level of recall for finding vulnerabilities. The tool also provides feedback on when to stop (at that desired level of recall) while, at the same time, correcting human errors by double-checking suspicious files.

This paper evaluates HARMLESS on Mozilla Firefox vulnerability data. HARMLESS found 80, 90, 95, and 99% of the vulnerabilities by inspecting 10, 16, 20, and 34% of the source code files, respectively. When targeting 90, 95, and 99% recall, HARMLESS could stop after inspecting 23, 30, and 47% of the source code files, respectively. Even when human reviewers fail to identify half of the vulnerabilities (50% false negative rate), HARMLESS could detect 96% of the missing vulnerabilities by double-checking half of the inspected files.

Conference Day
Wed 8 Jul

Displayed time zone: (UTC) Coordinated Universal Time

15:00 - 16:00
A8-Machine Learning and Models (Journal First / Technical Papers) at Goguryeo
Chair(s): Liliana Pasquale (University College Dublin & Lero)
15:00
8m
Talk
Improving Vulnerability Inspection Efficiency Using Active Learning
Journal First
Zhe Yu (North Carolina State University), Chris Theisen (Microsoft), Laurie Williams (North Carolina State University), Tim Menzies (North Carolina State University)
15:08
8m
Talk
How Bugs Are Born: A Model to Identify How Bugs Are Introduced in Software Components
Journal First
Gema Rodríguez-Pérez (University of Waterloo, Canada), Gregorio Robles (Universidad Rey Juan Carlos), Alexander Serebrenik (Eindhoven University of Technology), Andy Zaidman (TU Delft), Daniel M. German (University of Victoria), Jesus M. Gonzalez-Barahona (Universidad Rey Juan Carlos)
15:16
8m
Talk
How to “DODGE” Complex Software Analytics
Journal First
Amritanshu Agrawal (Wayfair), Wei Fu (Landing AI), Di Chen (North Carolina State University, USA), Xipeng Shen (North Carolina State University), Tim Menzies (North Carolina State University)
15:24
12m
Talk
Importance-Driven Deep Learning System Testing
Technical Papers
Simos Gerasimou (University of York, UK), Hasan Ferit Eniser (MPI-SWS), Alper Sen (Bogazici University, Turkey), Alper Çakan (Bogazici University, Turkey)
15:36
12m
Talk
Quickly Generating Diverse Valid Test Inputs with Reinforcement Learning (Artifact Reusable, Artifact Available)
Technical Papers
Sameer Reddy (University of California, Berkeley), Caroline Lemieux (University of California, Berkeley), Rohan Padhye (Carnegie Mellon University), Koushik Sen (University of California, Berkeley)
15:48
8m
Talk
Impact of Discretization Noise of the Dependent variable on Machine Learning Classifiers in Software Engineering
Journal First
Gopi Krishnan Rajbahadur (Queen's University), Shaowei Wang (Mississippi State University), Yasutaka Kamei (Kyushu University), Ahmed E. Hassan (Queen's University)