This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
datasets [2017/06/01 12:51] stanislav.dashevskyi@unitn.it [Users] |
datasets [2018/11/13 18:34] ivan.pashchenko@unitn.it Added DeltaBench dataset description |
||
---|---|---|---|
Line 20: | Line 20: | ||
* **ESEJ** is the list of vulnerabilities in Google Chrome and Mozilla Firefox along with ranges of major versions affected by each vulnerability. For each vulnerability, the dataset contains two affected version ranges: (1) vulnerable versions according to the NVD (“version X and all previous versions”); (2) vulnerable versions based on the vulnerable code evidence (identified by our algorithm). | * **ESEJ** is the list of vulnerabilities in Google Chrome and Mozilla Firefox along with ranges of major versions affected by each vulnerability. For each vulnerability, the dataset contains two affected version ranges: (1) vulnerable versions according to the NVD (“version X and all previous versions”); (2) vulnerable versions based on the vulnerable code evidence (identified by our algorithm). | ||
* **COMPR**ehension is a dataset collected in a series of controlled experiments on Model Comprehension for Security Risk Assessment. | * **COMPR**ehension is a dataset collected in a series of controlled experiments on Model Comprehension for Security Risk Assessment. | ||
+ | * **Delta-Bench** collects revisions of Apache Tomcat 6.0 - 8.5 with security fixes of various CVEs. | ||
==== How to Access the Data ==== | ==== How to Access the Data ==== | ||
Line 61: | Line 62: | ||
* Investigation on which CVEs are exploited by malicious exploit kits. [Scientist in charge: Aaron Powell] | * Investigation on which CVEs are exploited by malicious exploit kits. [Scientist in charge: Aaron Powell] | ||
- | 3. **MIT Sloan School of Management ** | + | 3. **MIT Sloan School of Management (Massachusetts Institute of Technology) ** |
* Evaluation of security practice use in relation to how and when vulnerabilities are discovered and resolved in software development projects; evolution of the vulnerability discovery and resolution process over time in software development projects.[Scientists in charge: Stuart Madnick, Michael Siegel, James Houghton]. | * Evaluation of security practice use in relation to how and when vulnerabilities are discovered and resolved in software development projects; evolution of the vulnerability discovery and resolution process over time in software development projects.[Scientists in charge: Stuart Madnick, Michael Siegel, James Houghton]. | ||
Line 69: | Line 70: | ||
* Investigating the probability that a given vulnerability will be exploited as a function of (a) its CVSS base score as well as (b) other possible markers which are available at the time the vulnerability is first noted. | * Investigating the probability that a given vulnerability will be exploited as a function of (a) its CVSS base score as well as (b) other possible markers which are available at the time the vulnerability is first noted. | ||
- | 5. ** NCSU ** | + | 5. ** NCSU (North Carolina State University)** |
* Evaluation of security practice use in relation to how and when vulnerabilities are discovered and resolved in software development projects; evolution of the vulnerability discovery and resolution process over time in so[Users] ftware development projects [Scientists in charge: Laurie Williams, Patrick Morrison, Rahul Pandita] | * Evaluation of security practice use in relation to how and when vulnerabilities are discovered and resolved in software development projects; evolution of the vulnerability discovery and resolution process over time in so[Users] ftware development projects [Scientists in charge: Laurie Williams, Patrick Morrison, Rahul Pandita] | ||
- | 6. ** ECNU ** | + | 6. ** ECNU (East China Normal University) ** |
* Research on building vulnerability prediction models and comparing the experimental results with previous studies conducted by DISI Security Research Group [Scientists in charge: Xiangxue Li, Liang He, Limin Yang] | * Research on building vulnerability prediction models and comparing the experimental results with previous studies conducted by DISI Security Research Group [Scientists in charge: Xiangxue Li, Liang He, Limin Yang] | ||
- | 7. ** The George Washington University (GWU) ** | + | 7. ** GWU (George Washington University) ** |
* Dissertation research regarding vulnerability discovery modeling [Scientists in charge: Reuben Johnston, Thomas Mazzuchi]. | * Dissertation research regarding vulnerability discovery modeling [Scientists in charge: Reuben Johnston, Thomas Mazzuchi]. | ||
+ | |||
+ | |||
+ | 8. ** IIIT-Delhi (Indraprastha Institute of Information Technology, Delhi) ** | ||
+ | |||
+ | * Understanding and predicting vulnerabilities by leveraging online contents (Scientists in charge: Baani Leen Kaur Jolly, Tanmoy Chakraborty) | ||