The Vulnerability Dataset of a Large Software Ecosystem

Conference paper (2016)

Authors

Dimitris Mitropoulos Athens University of Economics and Business
G. Gousios Software Engineering - EEMCS
Panagiotis Papadopoulos Foundation for Research and Technology - Hellas (FORTH)
Vassilios Karakoidas Athens University of Economics and Business
Panos Louridas Athens University of Economics and Business
D. Spinellis Athens University of Economics and Business
Research Group
Software Engineering (EEMCS) (TU Delft)
Maven Repository Static Analysis Software Evolution Software Security Software Ecosystem FindBugs Security Bugs
More Info
expand_more

Published Date

01-04-2016

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Software Technology

Research Group

Software Engineering

Abstract

Security bugs are critical programming errors that can lead to serious vulnerabilities in software. Examining their behaviour and characteristics within a software ecosystem can provide the research community with data regarding their evolution, persistence and others. We present a dataset that we produced by applying static analysis to the Maven Central Repository (approximately 265GB of data) in order to detect potential security bugs. For our analysis we used FindBugs, a tool that examines Java bytecode to detect numerous types of bugs. The dataset contains the metrics’ results that FindBugs reports for every project version (a JAR) included in the ecosystem. For every version in our data repository, we also store specific metadata, such as the JAR’s size, its dependencies and others. Our dataset can be used to produce interesting research results involving security bugs, as we show in specific examples.