This repository contains the dataset for the paper:
- J. C. S. Santos, A. Peruma, M. Mirakhorli, M. Galster, J. V. Vidal and A. Sejfia, "Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird," 2017 IEEE International Conference on Software Architecture (ICSA), Gothenburg, 2017, pp. 69-78.
@inproceedings{7930201,
author={J. C. S. {Santos} and A. {Peruma} and M. {Mirakhorli} and M. {Galster} and J. V. {Vidal} and A. {Sejfia}},
title={Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird},
year={2017},
volume={},
number={},
booktitle={2017 IEEE International Conference on Software Architecture (ICSA)},
pages={69-78},
}
The data collected for each case study can be accessed in the CSV files:
chromium-datasets.csvphp-datasets.csvthunderbird-datasets.csv
These csv files have the following columns:
cve_id: The unique identifier of the vulnerability in the National Vulnerability Database;date_of_report: The time when the Vulnerability was first reported;cve_type: Indicates whether the vulnerability (CVE) is TACTICAL or NON-TACTICAL.root_cause: In case of tactical vulnerabilities, this field indicates the root cause (given as an id to the CWE dictionary);total_impacted_files: Number of files that were affected (i.e., changed/added/removed) to fix the vulnerability;code_churn: Number of lines changed in the patch released to fix the vulnerability;bugtrack_url: The URL to the bug entry in the Issue Tracker of the project related to that vulnerability or a URL to a place that reports the vulnerability (example: a mailing list, such as http://marc.info/)commit_url: The URL(s) to the Web page that contains the committed code to the patch that fixed the issue;