Tracing Vulnerable Code Lineage


Bibliographic Details
Main Authors: Reid, David; Eng, Kalvin; Bogart, Chris; Tutko, Adam
Format: Journal Article
Language: English
Published: 23.03.2021

Summary: This paper presents results from the MSR 2021 Hackathon. Our team investigates files/projects that contain known security vulnerabilities and how widespread they are throughout repositories in open source software. These security vulnerabilities can potentially be propagated through code reuse even when the vulnerability is fixed in different versions of the code. We utilize the World of Code infrastructure to discover file-level duplication of code from a nearly complete collection of open source software. This paper describes a method and set of tools to find all open source projects that use known vulnerable files and any previous revisions of those files.
DOI: 10.48550/arxiv.2103.12304