The Vulnerability Dataset of a Large Software Ecosystem

Conference Paper (2016)
Author(s)

Dimitrios Mitropoulos (Athens University of Economics and Business)

Gousios Gousios (TU Delft - Software Engineering)

Panagiotis Papadopoulos (Foundation for Research and Technology - Hellas (FORTH))

Vassilios Karakoidas (Athens University of Economics and Business)

Panagiotis Louridas (Athens University of Economics and Business)

Diomidis Spinellis (Athens University of Economics and Business)

Research Group
Software Engineering
DOI related publication
https://doi.org/10.1109/BADGERS.2014.8
Publication Year
2016
Language
English
Pages (from-to)
69-74
ISBN (print)
9781479983100

Abstract

Security bugs are critical programming errors that can lead to serious vulnerabilities in software. Examining their behaviour and characteristics within a software ecosystem can provide the research community with data regarding their evolution, persistence and others. We present a dataset that we produced by applying static analysis to the Maven Central Repository (approximately 265GB of data) in order to detect potential security bugs. For our analysis we used FindBugs, a tool that examines Java bytecode to detect numerous types of bugs. The dataset contains the metrics’ results that FindBugs reports for every project version (a JAR) included in the ecosystem. For every version in our data repository, we also store specific metadata, such as the JAR’s size, its dependencies and others. Our dataset can be used to produce interesting research results involving security bugs, as we show in specific examples.

No files available

Metadata only record. There are no files for this record.