August 19-21 - Co-Located Events
August 21-23 - Conference
Hilton San Diego Bayfront - San Diego, CA
More information for Open Source Summit + Embedded Linux Conference North America 2019
Friday, August 23 • 2:25pm - 3:00pm
Where is my Code Vulnerable: Matching CVEs and Source Code - David A. Barrett & Peter Shin, Canvass Labs*

Surprisingly, it is often hard to find the precise correspondence between a known software vulnerability (in CVE) and the exact origin of the software (Maven coordinates or GitHub repo/tag). Ideally, this connection would be part of CVE. Currently it is not, and creating this correspondence often requires significant human effort.

Dave and Peter introduce Canvass Labs' open-source implementation and discuss the techniques it uses to solve this problem. They show how to parse and map CVE information, quantify the current statistics of this correspondence, and discuss the free open data produced by their open-source tool and its further use.

Currently, most Java and JavaScript projects do not add CVE information to their fixes. They show that if OSS engineers were to add CVE information when they commit (as in Linux or OpenSSL), big data and AI practitioners could create an AI programming assistant that identifies similar bugs and suggests fixes.

Peter Shin

CEO, Canvass Labs Inc.
Peter Shin is the Founder and CEO of Canvass Labs Inc. He envisions building a robust and secure Open Source Software community. He has spent 17 years working on Open Source Software at the San Diego Supercomputer Center, UC San Diego, and at Qualcomm conducting research in both artificial...
David A. Barrett

Sr. Director, Canvass Labs
David A. Barrett is a Senior Director at Canvass Labs currently working on applying academic research to improving software infrastructure. After earning his Ph.D., he has been teaching and applying results from computer-science research to engineer solutions for large-scale software...

Friday August 23, 2019 2:25pm - 3:00pm PDT
Aqua Salon C
  Security & Safety
  • Session Slides Included: Yes
  • Session Recorded: Yes