A C/C++ Code Vulnerability Dataset with Code Changes and CVE Summaries

Jiahao Fan, Yi Li, Shaohua Wang, Tien N. Nguyen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We collected a large C/C++ code vulnerability dataset from open-source Github projects, namely Big-Vul. We crawled the public Common Vulnerabilities and Exposures (CVE) database and CVE-related source code repositories. Specifically, we collected the descriptive information of the vulnerabilities from the CVE database, e.g., CVE IDs, CVE severity scores, and CVE summaries. With the CVE information and its related published Github code repository links, we downloaded all of the code repositories and extracted vulnerability related code changes. In total, Big-Vul contains 3,754 code vulnerabilities spanning 91 different vulnerability types. All these code vulnerabilities are extracted from 348 Github projects. All information is stored in the CSV format. We linked the code changes with the CVE descriptive information. Thus, our Big-Vul can be used for various research topics, e.g., detecting and fixing vulnerabilities, analyzing the vulnerability related code changes. Big-Vul is publicly available on Github.

Original languageEnglish (US)
Title of host publicationProceedings - 2020 IEEE/ACM 17th International Conference on Mining Software Repositories, MSR 2020
PublisherAssociation for Computing Machinery, Inc
Pages508-512
Number of pages5
ISBN (Electronic)9781450379571
DOIs
StatePublished - Jun 29 2020
Event17th IEEE/ACM International Conference on Mining Software Repositories, MSR 2020, co-located with the 42nd International Conference on Software Engineering. ICSE 2020 - Virtual, Online, Korea, Republic of
Duration: Jun 29 2020Jun 30 2020

Publication series

NameProceedings - 2020 IEEE/ACM 17th International Conference on Mining Software Repositories, MSR 2020

Conference

Conference17th IEEE/ACM International Conference on Mining Software Repositories, MSR 2020, co-located with the 42nd International Conference on Software Engineering. ICSE 2020
Country/TerritoryKorea, Republic of
CityVirtual, Online
Period6/29/206/30/20

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software

Keywords

  • C/C++ Code
  • Code Changes
  • Common Vulnerabilities and Exposures

Cite this