Please use this identifier to cite or link to this item: https://ruomoplus.lib.uom.gr/handle/8000/1777
Title: Software vulnerability prediction: A systematic mapping study
Authors: Kalouptsoglou, Ilias 
Siavvas, Miltiadis 
Ampatzoglou, Apostolos 
Kehagias, Dionysios 
Chatzigeorgiou, Alexander 
Author Department Affiliations: Department of Applied Informatics 
Department of Applied Informatics 
Department of Applied Informatics 
Author School Affiliations: School of Information Sciences 
School of Information Sciences 
School of Information Sciences 
Subjects: FRASCATI__Natural sciences__Computer and information sciences
Keywords: Machine learning
Software security
Systematic mapping study
Vulnerability prediction
Issue Date: Dec-2023
Journal: Information and Software Technology 
ISSN: 0950-5849
Volume: 164
Start page: 107303
Abstract: 
Context: Software security is considered a major aspect of software quality, as the number of discovered vulnerabilities in software products keeps growing. Vulnerability prediction is a mechanism that helps engineers prioritize their inspection efforts by focusing on the parts of a system most likely to be vulnerable. Despite recent advancements, the current literature lacks a systematic mapping study on vulnerability prediction.
Objective: This paper aims to analyze the state of the art of vulnerability prediction, focusing on: (a) the goals of vulnerability prediction-related studies; (b) the data collection processes and the types of datasets that exist in the literature; (c) the most commonly examined techniques for the construction of the prediction models and their input features; and (d) the evaluation techniques used.
Method: We collected 180 primary studies following a broad search methodology across four popular digital libraries. We mapped these studies to the variables of interest and identified trends and relationships between the studies.
Results: The main findings suggest that: (i) there are two major study types, prediction of vulnerable software components and forecasting of the evolution of vulnerabilities in software; (ii) most studies construct their own vulnerability-related dataset by retrieving information from vulnerability databases for real-world software; (iii) there is a growing interest in deep learning models, along with a trend towards textual source code representation; and (iv) F1-score was found to be the most widely used evaluation metric.
Conclusions: The results of our study indicate that there are several open challenges in the domain of vulnerability prediction. One of the major conclusions is that most studies focus on within-project prediction, neglecting the real-world scenario of cross-project prediction.
URI: https://ruomoplus.lib.uom.gr/handle/8000/1777
DOI: 10.1016/j.infsof.2023.107303
Rights: CC0 1.0 Universal
Corresponding Item Departments: Department of Applied Informatics
Department of Applied Informatics
Department of Applied Informatics
Appears in Collections:Articles

Files in This Item:
File | Description | Size | Format
manuscript_SMS_IST_Revisions_Round2.pdf | | 1,79 MB | Adobe PDF
Embargoed until December 1, 2025

Scopus citations: 7 (checked on Dec 6, 2024)
This item is licensed under a Creative Commons License.