Overview
Explore techniques for matching known software vulnerabilities (CVEs) to their precise origins in source code through this informative conference talk. Learn about Canvass Labs' open-source implementation for solving the challenge of connecting CVEs to specific Maven coordinates or GitHub repositories. Discover methods for parsing and mapping CVE information, understand current statistics on vulnerability correspondence, and gain insights into the free open data produced by their tool. Examine the potential for creating AI programming assistants to identify similar bugs and suggest fixes if open-source software engineers were to include CVE information in their commits. Gain valuable knowledge on improving software security and streamlining vulnerability management processes.
Syllabus
Where is my Code Vulnerable: Matching CVEs and Source Code - David A. Barrett & Peter Shin
Taught by
Linux Foundation