Thesis (M.S., Computer Science)--University of Idaho, June 2014 | Software vulnerabilities are mistakes in software such that its execution can violate the security policy. Software vulnerabilities are an increasing security focus as critical and sensitive systems become dependent on complex software systems. Therefore, discovering these vulnerabilities as early as possible is of extreme importance. Hidden Impact Bugs (HIBs) are vulnerabilities identified as such only after the related bug had been publicly disclosed. This thesis provides a framework for identifying software vulnerabilities via HIBs using information extracted from publicly available bug databases.
The contributions of this thesis are fourfold: 1) the concept of HIBs is introduced and the existence of HIBs in software is shown, 2) a methodology for identifying software vulnerabilities using textual information from bug databases is presented, 3) information extraction and compression methodologies specific to extracting information from bug databases are provided, and 4) a novel methodology for determining the optimal set of dimensions for classification is presented.