Identifying Security Bug Reports Via Text Mining: An Industrial Case Study

Download Now Date Added: Mar 2010
Format: PDF

A bug-tracking system such as Bugzilla contains Bug Reports (BRs) collected from various sources such as development teams, testing teams, and end users. When bug reporters submit bug reports to a bug-tracking system, the bug reporters need to label the bug reports as security bug reports (SBRs) or not, to indicate whether the involved bugs are security problems. These SBRs generally deserve higher priority in bug fixing than Not-Security Bug Reports (NSBRs). However, in the bug-reporting process, bug reporters often mislabel SBRs as NSBRs partly due to lack of security domain knowledge.