Using Faults-Slip-Through Metric as a Predictor of Fault-Proneness

Abstract-Security bug reports can describe security critical vulnerabilities in software products. Bug tracking systems may contain thousands of bug reports, where relatively few of them are security related. Therefore finding unlabelled security bugs among them can be challenging. To help security engineers identify these reports quickly and accurately, text-based prediction models have been proposed. These can often mislabel security bug reports due to a number of reasons such as class imbalance, where the ratio of non-security to security bug reports is very high. More critically, we have observed that the presence of security related keywords in both security and non-security bug reports can lead to the mislabelling of security bug reports. This paper proposes FARSEC, a framework for filtering and ranking bug reports for reducing the presence of security related keywords. Before building prediction models, our framework identifies and removes non-security bug reports with security related keywords. We demonstrate that FARSEC improves the performance of text-based prediction models for security bug reports in 90% of cases. Specifically, we evaluate it with 45,940 bug reports from Chromium and four Apache projects. With our framework, we mitigate the class imbalance issue and reduce the number of mislabelled security bug reports by 38%.

show abstract

“…3: Logistic Regression is generally appropriate when the dependent variable is dichotomous (e.g. either fault-prone or non-fault-prone) [42] …”

Section: Machine Learning Algorithmsmentioning

confidence: 99%

Text Filtering and Ranking for Security Bug Report Prediction

Peters

Tun

et al. 2019

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…3) Logistic Regression, LR: Afzal [28] recommend LR when the dependent variable is dichotomous (e.g. either faultprone or non-fault-prone).…”

Section: Prediction Modelsmentioning

confidence: 99%

Better cross company defect prediction

Peters

Menzies

Marcus

2013

2013 10th Working Conference on Mining Software Repositories (MSR)

163

161

View full text Add to dashboard Cite

Abstract-How can we find data for quality prediction? Early in the life cycle, projects may lack the data needed to build such predictors. Prior work assumed that relevant training data was found nearest to the local project. But is this the best approach?This paper introduces the Peters filter which is based on the following conjecture: When local data is scarce, more information exists in other projects. Accordingly, this filter selects training data via the structure of other projects.To assess the performance of the Peters filter, we compare it with two other approaches for quality prediction. Withincompany learning and cross-company learning with the Burak filter (the state-of-the-art relevancy filter). This paper finds that: 1) within-company predictors are weak for small data-sets; 2) the Peters filter+cross-company builds better predictors than both within-company and the Burak filter+cross-company; and 3) the Peters filter builds 64% more useful predictors than both withincompany and the Burak filter+cross-company approaches. Hence, we recommend the Peters filter for cross-company learning.

show abstract

“…• Logistic Regression (LR): Afzal [33] describes LR as a method to be used when the dependent variable is dichotomous (e.g. either fault-prone or non-faultprone).…”

Section: B Defect Predictorsmentioning

confidence: 99%

Privacy and utility for defect prediction: Experiments with MORPH

Peters

Menzies

2012

2012 34th International Conference on Software Engineering (ICSE)

View full text Add to dashboard Cite

Abstract-Ideally, we can learn lessons from software projects across multiple organizations. However, a major impediment to such knowledge sharing are the privacy concerns of software development organizations. This paper aims to provide defect data-set owners with an effective means of privatizing their data prior to release. We explore MORPH which understands how to maintain class boundaries in a data-set. MORPH is a data mutator that moves the data a random distance, taking care not to cross class boundaries.

show abstract

Using Faults-Slip-Through Metric as a Predictor of Fault-Proneness

Cited by 17 publications

References 39 publications

Text Filtering and Ranking for Security Bug Report Prediction

Text Filtering and Ranking for Security Bug Report Prediction

Better cross company defect prediction

Privacy and utility for defect prediction: Experiments with MORPH

Contact Info

Product

Resources

About