>>>> TOOL DEMO SCREENCAST: please download file tool_demo_final.mp4. <<<<

ABSTRACT: Though vulnerability databases are key for monitoring known vulnerabilities in open-source projects, they rarely contain information about the code changes that fix the flaws they describe. Finding them is time-consuming and error-prone as it involves the analysis of multiple, unstructured resources. In this paper we present Prospector, a tool that supports mapping vulnerability advisories from vulnerability databases onto the corresponding fix in the source code. Prospector employs a set of heuristics that mimics and automates the strategies that would be employed by human security experts. Given an advisory expressed in natural language, Prospector processes the commits found in the target source code repository, ranks them based on a set of predefined rules, and produces a report that the user can inspect to determine which commits to retain as the actual fix. The tool is publicly available and is released under the Apache 2.0 license.

| Indicator | Description | Value |
| --- | --- | --- |
| selected citations | These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 0 |
| popularity | This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Average |
| influence | This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Average |
| impulse | This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Average |
| views | | 37 |
| downloads | | 39 |

Views provided by UsageCounts
Downloads provided by UsageCounts