Explore techniques for matching known software vulnerabilities (CVEs) to their precise origins in source code through this informative conference talk. Learn about Canvass Labs' open-source implementation for solving the challenge of connecting CVEs to specific Maven coordinates or GitHub repositories. Discover methods for parsing and mapping CVE information, understand current statistics on vulnerability correspondence, and gain insights into the free open data produced by their tool. Examine the potential for creating AI programming assistants to identify similar bugs and suggest fixes if open-source software engineers were to include CVE information in their commits. Gain valuable knowledge on improving software security and streamlining vulnerability management processes.
Matching CVEs and Source Code for Vulnerability Detection
Overview
Syllabus
Where is my Code Vulnerable: Matching CVEs and Source Code - David A. Barrett & Peter Shin
Taught by
Linux Foundation
Tags
Related Courses
-
Nix zu verstecken! Erstellung und Veröffentlichung von CVEs für Open Source Software
-
Surviving the CVE Firehose: Strategies for Open Source Product Security
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
VEXing Open Source Security - Vulnerability Data for Everything
-
Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software
-
Discovering Shadow Vulnerabilities in Popular Open-Source Projects - A Journey Through Reverse-Fuzzing
