Benchmarking Static Misuse or Bug Detectors Using Software Vulnerabilities

Master Thesis

The goal of this thesis is to build a dataset of security vulnerabilities in software, integrate the dataset into MuBench, and evaluate existing API-misuse and bug detectors against it. The result will answer the question of whether existing API-misuse and bug detectors can identify software vulnerabilities. Further, the dataset will help future researchers benchmark their tools against software vulnerabilities.

Our approach is to identify CVEs that affect open-source projects written in Java. For each application, we want to identify the method that needs to be changed to fix the vulnerability. Further, we provide the information necessary to build the respective versions. Together, this information forms a misuse dataset, which we plan to integrate into the benchmark MuBench to evaluate existing approaches.