Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Tracking Software Security Topics

Phong Minh Vu, Tung Thanh Nguyen

TL;DR

SOSK allows users to define any topic of their interests and retrieve security reports relevant to that topic effectively and preliminary evaluation shows that SOSK can expand keywords and retrieve reports relevant to user requests.

Abstract

Software security incidents occur everyday and thousands of software security reports are announced each month. Thus, it is difficult for software security researchers, engineers, and other stakeholders to follow software security topics of their interests in real-time. In this paper, we propose, SOSK, a novel tool for this problem. SOSK allows a user to import a collection of software security reports. It pre-processes and extracts the most important keywords from the textual description of the reports. Based on the similarity of embedding vectors of keywords, SOSK can expand and/or refine a keyword set from a much smaller set of user-provided keywords. Thus, SOSK allows users to define any topic of their interests and retrieve security reports relevant to that topic effectively. Our preliminary evaluation shows that SOSK can expand keywords and retrieve reports relevant to user requests.

Tracking Software Security Topics

TL;DR

SOSK allows users to define any topic of their interests and retrieve security reports relevant to that topic effectively and preliminary evaluation shows that SOSK can expand keywords and retrieve reports relevant to user requests.

Abstract

Software security incidents occur everyday and thousands of software security reports are announced each month. Thus, it is difficult for software security researchers, engineers, and other stakeholders to follow software security topics of their interests in real-time. In this paper, we propose, SOSK, a novel tool for this problem. SOSK allows a user to import a collection of software security reports. It pre-processes and extracts the most important keywords from the textual description of the reports. Based on the similarity of embedding vectors of keywords, SOSK can expand and/or refine a keyword set from a much smaller set of user-provided keywords. Thus, SOSK allows users to define any topic of their interests and retrieve security reports relevant to that topic effectively. Our preliminary evaluation shows that SOSK can expand keywords and retrieve reports relevant to user requests.
Paper Structure (13 sections, 5 equations, 2 figures, 2 tables)

This paper contains 13 sections, 5 equations, 2 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Approach
  3. Indexing
  4. Embedding vectors
  5. Keyword scores
  6. Tracking
  7. Evaluation
  8. Studying previously reported security topics
  9. How did security trends changed after 2009?
  10. What are the actual descriptions of the security reports?
  11. Exploring new topic
  12. Related work
  13. Conclusions

Figures (2)

  • Figure 1: Trends analysis of three topics in CVE Dataset
  • Figure 2: Trends analysis of topic Mobile Devices in CVE