A process framework for the classification of security bug reports

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

1 Scopus citations

Abstract

Numerous organizations keep records of bug reports that come from different types of sources. For example, in the context of software development, bugs are reported by developers, designers, testers and end users. Various studies have introduced models for the identification of security-related bugs; however, a number of security-related bug reports are misclassified, both because of their small proportion compared with non-security bug reports and because of the presence of security-related keywords in non-security bug reports, which can increase the time and effort spent by bug engineers. To mitigate this issue, we propose a methodology that identifies the important security-related keywords in security bug reports (SBR) and removes these keywords from non-security bug reports (NSBR) to improve classification decisions. Firstly, the proposed method is compared against state-of-the-art feature selection methods with respect to the classifier's performance. Secondly, the classifier's performance is evaluated to show that the proposed method decreases the false positive rate (FPR) of the classifiers. The promising results indicate the significance of the proposed methodology for the effective identification of security bug reports.
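The keyword identification and NSBR cleaning step described in the abstract, as an added example that is not the paper's code: the reports are constructed, and the keyword score (a smoothed SBR:NSBR document-frequency ratio with a minimum support) and its thresholds are assumptions standing in for the feature selection methods the paper evaluates.

```python
import re
from collections import Counter

# Constructed sample bug reports (not from the paper): (text, is_security_bug)
REPORTS = [
    ("buffer overflow in the image parser crashes the service", True),
    ("sql injection through the search field exposes user data", True),
    ("session token leaked in the debug log output", True),
    ("stored cross site scripting in comment rendering", True),
    ("blind sql injection in the report filter parameter", True),
    ("heap overflow when decoding an oversized packet", True),
    ("login button misaligned on the mobile layout", False),
    ("csv export fails when the file name has spaces", False),
    ("parser crashes when the project file is empty", False),
    ("broken link on the sql tutorial page in the docs", False),
    ("injection molding example renders with a wrong font", False),
    ("text overflow clips the long username in the sidebar", False),
]
STOPWORDS = {"a", "an", "the", "in", "on", "when", "through", "with", "has", "is"}

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())

def security_keywords(reports, min_df=2, min_ratio=1.5):
    """Rank tokens by their smoothed SBR:NSBR document-frequency ratio and keep
    those seen in at least min_df SBRs.  Score and thresholds are assumptions
    for this example; the paper compares several feature-selection methods."""
    sbr_df, nsbr_df = Counter(), Counter()
    n_sbr = sum(1 for _, sec in reports if sec)
    n_nsbr = len(reports) - n_sbr
    for text, is_sec in reports:
        (sbr_df if is_sec else nsbr_df).update(set(tokenize(text)) - STOPWORDS)
    scores = {}
    for tok, df in sbr_df.items():
        # integer products first so exact ratios such as 1.5 compare cleanly
        ratio = (df + 1) * (n_nsbr + 1) / ((nsbr_df[tok] + 1) * (n_sbr + 1))
        if df >= min_df and ratio >= min_ratio:
            scores[tok] = round(ratio, 3)
    return scores

def strip_keywords(text, keywords):
    """Drop the selected keywords; all other tokens (stop words too) stay."""
    return " ".join(t for t in tokenize(text) if t not in keywords)

def clean_corpus(reports, keywords):
    """Remove the keywords from NSBRs only; SBRs are returned untouched."""
    return [(text if is_sec else strip_keywords(text, keywords), is_sec)
            for text, is_sec in reports]
```

On the constructed set, "overflow", "sql" and "injection" are selected because they recur across SBRs, while "parser" and "crashes" are not, since they are just as common in NSBRs; only the three NSBRs that contain a selected keyword are altered.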

Original language: English (US)
Title of host publication: Evolving Software Processes
Subtitle of host publication: Trends and Future Directions
Publisher: Wiley
Pages: 175-185
Number of pages: 11
ISBN (Electronic): 9781119821779
ISBN (Print): 9781119821267
DOIs
State: Published - Jan 7 2022

All Science Journal Classification (ASJC) codes

  • General Computer Science
