Conclusion
In this paper, we explore the correlations between vulnerability-inducing commits and vulnerability-fixing commits, and propose an automated vulnerability localization approach, VulLoc, that recommends a ranked list of suspicious methods. Compared with BugLocator, VulLoc improves Einspect@n, MAP and MRR, and is significantly more efficient at vulnerability localization.
Acknowledgements
This work was supported by the National Natural Science Foundation of China (Grant Nos. 61872312, 61972335, and 62002309); the Natural Science Foundation of the Jiangsu Higher Education Institutions of China (20KJB520016); the Innovation (Science and Technology) Project of Scientific Research Base of Nanjing University of Aeronautics and Astronautics (NJ2020022).
Cite this article
Bo, L., Li, Y., Sun, X. et al. VulLoc: vulnerability localization based on inducing commits and fixing commits. Front. Comput. Sci. 17, 173207 (2023). https://doi.org/10.1007/s11704-022-1729-x