{"title":"基于本体的软件构件自动标记方法","authors":"Sultan S. Al-Qahtani, J. Rilling","doi":"10.1109/ESEM.2017.25","DOIUrl":null,"url":null,"abstract":"Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify cybersecurity knowledge captured in unstructured text found in software artifacts.","PeriodicalId":213866,"journal":{"name":"2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"An Ontology-Based Approach to Automate Tagging of Software Artifacts\",\"authors\":\"Sultan S. Al-Qahtani, J. Rilling\",\"doi\":\"10.1109/ESEM.2017.25\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify cybersecurity knowledge captured in unstructured text found in software artifacts.\",\"PeriodicalId\":213866,\"journal\":{\"name\":\"2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ESEM.2017.25\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ESEM.2017.25","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Ontology-Based Approach to Automate Tagging of Software Artifacts
Context: Software engineering repositories contain a wealth of textual information such as source code comments, developers' discussions, commit messages and bug reports. These free form text descriptions can contain both direct and implicit references to security concerns. Goal: Derive an approach to extract security concerns from textual information that can yield several benefits, such as bug management (e.g., prioritization), bug triage or capturing zero-day attack. Method: Propose a fully automated classification and tagging approach that can extract security tags from these texts without the need for manual training data. Results: We introduce an ontology based Software Security Tagger Framework that can automatically identify and classify cybersecurity-related entities, and concepts in text of software artifacts. Conclusion: Our preliminary results indicate that the framework can successfully extract and classify cybersecurity knowledge captured in unstructured text found in software artifacts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
