D3.3 presents the mechanisms for predicting vulnerable software components. The deliverable provides a comprehensive literature review of state-of-the-art approaches in the field of Vulnerability Prediction and identifies the main open issues. It documents the design and development of Vulnerability Prediction Models, along with detailed evaluation results. In particular, initially, we focus on text mining (which has demonstrated the most promising results in the related literature) and we examine whether the adoption of the sequences of tokens that reside in the source code, along with the utilization of word embedding vectors can lead to accurate vulnerability prediction. Subsequently, we investigated whether the utilization of software metrics can lead to a better vulnerability prediction model, or improve the predictive performance of text mining-based models. In both cases, emphasis was given to the adoption of Deep Learning, particularly to Deep Neural Networks.
Please note that the European Commission has not approved yet this deliverable.
The contents of the deliverable reflect only the project Consortium’s view and the Commission is not responsible for any use that may be made of the information it contains.