Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
Fri 10 Jul 2020 08:44 - 08:56 at Baekje - I22-Testing Chair(s): Phil McMinn

The number of vulnerabilities increases rapidly in recent years, due to the advances in vulnerability discovery solutions. It enables a thorough analysis on the vulnerability distribution and provides support for correlation analysis and prediction of vulnerabilities. Previous research either focuses on analyzing bugs rather than vulnerabilities, or only studies general vulnerability distribution among projects rather than the distribution within each project. In this paper, we collected a large vulnerability dataset, consisting of all known vulnerabilities associated to a set of representative open source projects, by utilizing automated crawlers and spending months of manual efforts. We then analyzed the vulnerability distribution within each project over several dimensions, including files, functions, vulnerability types and liable developers. Based on the analysis results, we presented several practical insights on the distribution of vulnerabilities. Finally, we applied such insights on several vulnerability discovery solutions (including static analysis and dynamic fuzzing), and helped them found 10 zero-day vulnerabilities in target projects, proving that our insights are useful.

Fri 10 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

icse-2020-paper-presentations
08:05 - 09:05: Paper Presentations - I22-Testing at Baekje
Chair(s): Phil McMinnUniversity of Sheffield
Demonstrations08:05 - 08:08
Talk
Yuanhan TianNanjing University, Shengcheng YuNanjing University, China, Chunrong FangNanjing University, Peiyuan LiNanjing University
icse-2020-papers08:08 - 08:20
Talk
Cheng WenShenzhen University, Haijun WangAnt Financial Services Group, China; CSSE, Shenzhen University, China, Yuekang LiNanyang Technological University, Shengchao QinUniversity of Teesside, Yang LiuNanyang Technological University, Singapore, Zhiwu XuShenzhen University, Hongxu ChenResearch Associate, Xiaofei XieNanyang Technological University, Geguang PuEast China Normal University, Ting LiuXi'an Jiaotong University
DOI Pre-print Media Attached
icse-2020-papers08:20 - 08:32
Talk
Hengbiao YuNational University of Defense Technology, Zhenbang ChenCollege of Computer, National University of Defense Technology, Changsha, PR China, Xianjin FuNational University of Defense Technology, Ji WangSchool of Computer, National University of Defense Technology, China, Zhendong SuETH Zurich, Switzerland, Jun SunSingapore Management University, Chun HuangNational University of Defense Technology, Wei DongSchool of Computer, National University of Defense Technology, China
Pre-print
icse-2020-papers08:32 - 08:44
Talk
Seongjoon HongKorea University, Junhee LeeKorea University, South Korea, Jeongsoo LeeKorea University, Hakjoo OhKorea University, South Korea
icse-2020-papers08:44 - 08:56
Talk
Bingchang LiuKey Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Guozhu MengInstitute of Information Engineering, Chinese Academy of Sciences, Chao ZhangInstitute for Network Sciences and Cyberspace of Tsinghua University, Feng LiKey Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Qi GongKey Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China, Min LinInstitute for Network Sciences and Cyberspace of Tsinghua University, Dandan SunKey Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China, Wei HuoInstitute of Information Engineering, Chinese Academy of Sciences, Wei ZouKey Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China
Demonstrations08:56 - 08:59
Talk
Zhenbang ChenCollege of Computer, National University of Defense Technology, Changsha, PR China, Hengbiao YuNational University of Defense Technology, Xianjin FuNational University of Defense Technology, Ji WangSchool of Computer, National University of Defense Technology, China
Pre-print