Identifying security bug reports via text mining: An industrial case study

Gegick, Michael; Rotella, Pete; Xie, Tao

doi:10.1109/msr.2010.5463340

Cited by 148 publications

(87 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There are other lines of work that also analyze bug reports; these include the series of work on duplicate bug report detection [19], [23], [22], [28], bug localization [31], bug categorization [6], [8], [26], bug fix time prediction [12], [30], and bug fixer recommendation [10], [25]. Our work is also orthogonal to these studies.…”

Section: Related Workmentioning

confidence: 99%

DRONE: Predicting Priority of Reported Bugs by Multi-factor Analysis

Tian

Sun

2013

2013 IEEE International Conference on Software Maintenance

118

View full text Add to dashboard Cite

Abstract-Bugs are prevalent. To improve software quality, developers often allow users to report bugs that they found using a bug tracking system such as Bugzilla. Users would specify among other things, a description of the bug, the component that is affected by the bug, and the severity of the bug. Based on this information, bug triagers would then assign a priority level to the reported bug. As resources are limited, bug reports would be investigated based on their priority levels. This priority assignment process however is a manual one. Could we do better? In this paper, we propose an automated approach based on machine learning that would recommend a priority level based on information available in bug reports. Our approach considers multiple factors, temporal, textual, author, related-report, severity, and product, that potentially affect the priority level of a bug report. These factors are extracted as features which are then used to train a discriminative model via a new classification algorithm that handles ordinal class labels and imbalanced data. Experiments on more than a hundred thousands bug reports from Eclipse show that we can outperform baseline approaches in terms of average F-measure by a relative improvement of 58.61%.

show abstract

Section: Related Workmentioning

confidence: 99%

DRONE: Predicting Priority of Reported Bugs by Multi-factor Analysis

Tian

Sun

2013

2013 IEEE International Conference on Software Maintenance

118

View full text Add to dashboard Cite

show abstract

“…Previous work analyzes natural-language artifacts such as bug reports [6,14,31,34,38,39,46,54,64], comments [55,56], API documentation [37,67], identifier names [5,8] and mailing lists [38] for purposes such as detecting duplicate bug reports, identifying the appropriate developers to fix bugs, improving structure-field names, mining source code descriptions, etc. Recently, by leveraging the fact that programming language is likely to be repetitive and predictable, researchers [21] work on applying statistical language models to code to help software tasks, including code completion, concern location and software mining, etc.…”

Section: Analysis Of Natural-language Text For Softwarementioning

confidence: 99%

“…Secondly, semantically related words can improve bug detection tools [37,43,55,56,67] by expanding the specified rules with synonyms for better software reliability. Thirdly, other software engineering tasks such as detecting duplicate bug reports and mining source code descriptions need to analyze natural-language artifacts (e.g., bug reports [6,14,31,34,39,46,54,64] and mailing lists [38]). They can leverage semantically related words to improve their work.…”

mentioning

confidence: 99%

SWordNet: Inferring semantically related words from software context

Yang

Tan

2013

Empir Software Eng

View full text Add to dashboard Cite

Code search is an integral part of software development and program comprehension. The difficulty of code search lies in the inability to guess the exact words used in the code. Therefore, it is crucial for keyword-based code search to expand queries with semantically related words, e.g., synonyms and abbreviations, to increase the search effectiveness. However, it is limited to rely on resources such as English dictionaries and WordNet to obtain semantically related words in software, because many words that are semantically related in software are not semantically related in English. On the other hand, many words that are semantically related in English are not semantically related in software.This thesis proposes a simple and general technique to automatically infer semantically related words (referred to as rPairs) in software by leveraging the context of words in comments and code. In addition, we propose a ranking algorithm on the rPair results and study cross-project rPairs on two sets of software with similar functionality, i.e., media browsers and operating systems. We achieve a reasonable accuracy in nine large and popular code bases written in C and Java. Our further evaluation against the state of art shows that our technique can achieve a higher precision and recall. In addition, the proposed ranking algorithm improves the rPair extraction accuracy by bringing correct rPairs to the top of the list. Our cross-project study successfully discovers overlapping rPairs among projects of similar functionality and finds that cross-project rPairs are more likely to be correct than project-specific rPairs. Since the cross-project rPairs are highly likely to be general for software of the same type, the discovered overlapping rPairs can benefit other projects of the same type that have not been anaylyzed.iii Acknowledgements I would like to take this opportunity to express my biggest thanks to my supervisor Prof. Lin Tan. From her, I get numerous supports and encouragement in every aspect. I would like to thank for her insightful guidance and unwavering supports. She is always available when I ask for help or advice. I learned a lot from Lin, including conducting research, time management, presentations skills and how to communicate and collaborate with other people. The things I learned from Lin will extremely benefit my future development. I am thankful to readers of the thesis, Prof. Ladan Tahvildari and Prof. Mahesh V. Tripunitara, for spending their valuable time in reviewing my thesis and providing valuable comments.

show abstract

“…Gegick et al [25] proposed a text mining approach to identify security bug reports (SBR) from the set of mislabeled non-security bug reports (NSBR). A bug report's summary and long description fields were used for training the model.…”

Section: Related Workmentioning

confidence: 99%

Bug Prioritization to Facilitate Bug Report Triage

Kanwal

Maqbool

2012

J. Comput. Sci. Technol.

100

View full text Add to dashboard Cite

The large number of new bug reports received in bug repositories of software systems makes their management a challenging task. Handling these reports manually is time consuming, and often results in delaying the resolution of important bugs. To address this issue, a recommender may be developed which automatically prioritizes the new bug reports. In this paper, we propose and evaluate a classification based approach to build such a recommender. We use the Naïve Bayes and Support Vector Machine (SVM) classifiers, and present a comparison to evaluate which classifier performs better in terms of accuracy. Since a bug report contains both categorical and text features, another evaluation we perform is to determine the combination of features that better determines the priority of a bug. To evaluate the bug priority recommender, we use precision and recall measures and also propose two new measures, Nearest False Negatives (NFN) and Nearest False Positives (NFP), which provide insight into the results produced by precision and recall. Our findings are that the results of SVM are better than the Naïve Bayes algorithm for text features, whereas for categorical features, Naïve Bayes performance is better than SVM. The highest accuracy is achieved with SVM when categorical and text features are combined for training.

show abstract

Identifying security bug reports via text mining: An industrial case study

Cited by 148 publications

References 8 publications

DRONE: Predicting Priority of Reported Bugs by Multi-factor Analysis

DRONE: Predicting Priority of Reported Bugs by Multi-factor Analysis

SWordNet: Inferring semantically related words from software context

Bug Prioritization to Facilitate Bug Report Triage

Contact Info

Product

Resources

About