A process framework for the classification of security bug reports

Research output: Chapter in Book/Report/Conference proceeding › Chapter

1 Scopus citations


Numerous organizations keep records of bug reports that originate from different types of sources. For example, in the context of software development, bugs are reported by developers, designers, testers and end users. Various studies have introduced models for the identification of security-related bugs; however, security-related bug reports are still frequently misclassified, both because they make up a small proportion of all bug reports compared to non-security bug reports and because security-related keywords also appear in non-security bug reports, which increases the time and effort required of bug engineers. In order to mitigate this issue, we propose a methodology that identifies the important security-related keywords in security bug reports (SBRs) and removes these keywords from non-security bug reports (NSBRs) to improve classification decisions. Firstly, the proposed method is evaluated against state-of-the-art feature selection methods to increase the classifier's performance. Secondly, the classifier's performance is evaluated to show that the proposed method decreases the classifiers' false positive rate (FPR). The promising results indicate the significance of the proposed methodology for the effective identification of security bug reports.

Original language: English (US)
Title of host publication: Evolving Software Processes
Subtitle of host publication: Trends and Future Directions
Number of pages: 11
ISBN (Electronic): 9781119821779
ISBN (Print): 9781119821267
State: Published - Jan 7 2022

All Science Journal Classification (ASJC) codes

  • General Computer Science
