The Vulnerability Dataset of a Large Software Ecosystem

Dimitris Mitropoulos, Georgios Gousios, Panagiotis Papadopoulos, Vassilios Karakoidas, Panagiotis Louridas, Diomidis Spinellis

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

3 Citations (Scopus)

Abstract

Security bugs are critical programming errors that can lead to serious vulnerabilities in software. Examining their behaviour and characteristics within a software ecosystem can provide the research community with data on their evolution, persistence and other properties. We present a dataset that we produced by applying static analysis to the Maven Central Repository (approximately 265 GB of data) in order to detect potential security bugs. For our analysis we used FindBugs, a tool that examines Java bytecode to detect numerous types of bugs. The dataset contains the metric results that FindBugs reports for every project version (a JAR) included in the ecosystem. For every version in our data repository, we also store specific metadata, such as the JAR’s size and its dependencies, among others. Our dataset can be used to produce interesting research results involving security bugs, as we show in specific examples.
Original language: English
Title of host publication: Proceedings - 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2014
Pages: 69-74
Number of pages: 6
Publication status: Published - 1 Apr 2016
Event: 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security - Wroclaw, Poland
Duration: 11 Sept 2014 → 11 Sept 2014
Conference number: 3

Conference

Conference: 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Abbreviated title: BADGERS 2014
Country/Territory: Poland
City: Wroclaw
Period: 11/09/14 → 11/09/14

Keywords

  • FindBugs
  • Maven Repository
  • Security Bugs
  • Software Ecosystem
  • Software Evolution
  • Software Security
  • Static Analysis
