Security Bug Report Usage for Software Vulnerability Research: A Systematic Mapping Study

Context: Security bug reports are reports from bug tracking systems that include descriptions and resolutions of security vulnerabilities that occur in software projects. Researchers use security bug reports to conduct research related to software vulnerabilities. A mapping study of publications tha...


Bibliographic Details
Main Authors: Farzana Ahamed Bhuiyan, Md Bulbul Sharif, Akond Rahman
Format: Article
Language: English
Published: IEEE 2021-01-01
Series: IEEE Access
Subjects: Bug report; software security; survey; systematic mapping study; vulnerability
Online Access: https://ieeexplore.ieee.org/document/9350573/
id doaj-931d6251824d434f89f60c5ea9b95b76
spelling doaj-931d6251824d434f89f60c5ea9b95b76
timestamp 2021-03-30T15:27:44Z
language eng
publisher IEEE
journal IEEE Access
issn 2169-3536
date 2021-01-01
volume 9
pages 28471-28495
doi 10.1109/ACCESS.2021.3058067
document 9350573
authors Farzana Ahamed Bhuiyan (https://orcid.org/0000-0002-0261-2196); Md Bulbul Sharif (https://orcid.org/0000-0002-2345-0878); Akond Rahman (https://orcid.org/0000-0002-5056-757X)
affiliation (all three authors) Department of Computer Science, Tennessee Technological University, Cookeville, TN, USA
description Context: Security bug reports are reports from bug tracking systems that include descriptions and resolutions of security vulnerabilities that occur in software projects. Researchers use security bug reports to conduct research related to software vulnerabilities. A mapping study of publications that use security bug reports can inform researchers on (i) the research topics that have been investigated, and (ii) potential research avenues in the field of software vulnerabilities. Objective: The objective of this paper is to help researchers identify research gaps related to software vulnerabilities by conducting a systematic mapping study of research publications that use security bug reports. Method: We perform a systematic mapping study of research that uses security bug reports for software vulnerability research by searching five scholar databases: (i) IEEE Xplore, (ii) ACM Digital Library, (iii) ScienceDirect, (iv) Wiley Online Library, and (v) Springer Link. From the five scholar databases, we select 46 publications that use security bug reports by systematically applying inclusion and exclusion criteria. Using qualitative analysis, we identify research topics investigated in our collected set of publications. Results: We identify three research topics that are investigated in our set of 46 publications. The three topics are: (i) vulnerability classification; (ii) vulnerability report summarization; and (iii) vulnerability dataset construction. Of the studied 46 publications, 42 publications focus on vulnerability classification. Conclusion: Findings from our mapping study can be leveraged to identify research opportunities in the domains of software vulnerability classification and automated vulnerability repair techniques.
topic Bug report
software security
survey
systematic mapping study
vulnerability