Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Linux Foundation

Matching CVEs and Source Code for Vulnerability Detection

Linux Foundation via YouTube

Overview

Explore techniques for matching known software vulnerabilities (CVEs) to their precise origins in source code through this informative conference talk. Learn about Canvass Labs' open-source implementation for solving the challenge of connecting CVEs to specific Maven coordinates or GitHub repositories. Discover methods for parsing and mapping CVE information, understand current statistics on vulnerability correspondence, and gain insights into the free open data produced by their tool. Examine the potential for creating AI programming assistants to identify similar bugs and suggest fixes if open-source software engineers were to include CVE information in their commits. Gain valuable knowledge on improving software security and streamlining vulnerability management processes.

Syllabus

Where is my Code Vulnerable: Matching CVEs and Source Code - David A. Barrett & Peter Shin

Taught by

Linux Foundation

Reviews

Start your review of Matching CVEs and Source Code for Vulnerability Detection

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.