With the evolution of software systems, their size and complexity are rising rapidly. Identifying vulnerabilities as early as possible is crucial for ensuring high software quality and security. Just-in-time (JIT) vulnerability prediction, which aims to find vulnerabilities at the time of commit, has increasingly become a focus of attention. In our work, we present a comparative study to provide insights into the current state of JIT vulnerability prediction by examining three candidate models: CC2Vec, DeepJIT, and Code Change Tree. These unique approaches aptly represent the various techniques used in the field, allowing us to offer a thorough description of the current limitations and strengths of JIT vulnerability prediction. Our focus was on the predictive power of the models, their usability in terms of false positive (FP) rates, and the granularity of the source code analysis they are capable of handling. For training and evaluation, we used two recently published datasets containing vulnerability-inducing commits: ProjectKB and Defectors. Our results highlight the trade-offs between predictive accuracy and operational flexibility and also provide guidance on the use of ML-based automation for developers, especially considering false positive rates in commit-based vulnerability prediction. These findings can serve as crucial insights for future research and practical applications in software security.

More from our Archive

• DOI: 10.1049/cit2.12277 2024

  Extraction of intersecting palm‐vein and palmprint features for cancellable identity verification

  Jaekwon Lee, Beom‐Seok Oh, Kar‐Ann Toh

• DOI: 10.1002/nem.2260 2024

  Fractional non‐fungible tokens: Overview, evaluation, marketplaces, and challenges

  Wonseok Choi, Jongsoo Woo, James Won‐Ki Hong

• DOI: 10.3390/electronics13020323 2024

  A New Link Adaptation Technique for Very High Frequency Data Exchange System in Future Maritime Communication

  Wooseong Shim, Buyoung Kim, Eui-Jik Kim, Dongwan Kim

• DOI: 10.3390/electronics13020324 2024

  Comparison of a Hybrid Firefly–Particle Swarm Optimization Algorithm with Six Hybrid Firefly–Differential Evolution Algorithms and an Effective Cost-Saving Allocation Method for Ridesharing Recommendation Systems

  Fu-Shiung Hsieh

• DOI: 10.1063/5.0176458 2024

  Light management for ever-thinner photovoltaics: A tutorial review

  Eduardo Camarillo Abad, Hannah J. Joyce, Louise C. Hirst

• DOI: 10.1063/5.0176272 2024

  A liquid crystal-based multi-bit terahertz reconfigurable intelligent surface

  Ze Shen, Weili Li, Biaobing Jin, Dixian Zhao

• DOI: 10.1063/5.0186639 2024

  Topological photonics in three and higher dimensions

  Ning Han, Xiang Xi, Yan Meng, Hongsheng Chen, Zhen Gao, Yihao Yang

• DOI: 10.1116/5.0172968 2024

  Simulation of exceptional-point systems on quantum computers for quantum sensing

  Chetan Waghela, Shubhrangshu Dasgupta

• DOI: 10.1093/comnet/cnad051 2024

  A new approach to finding overlapping community structure in signed networks based on Neutrosophic theory

  Maryam Gholami, Amir Sheikhahmadi, Keyhan Khamforoosh, Mahdi Jalili, Farshid Veisi

• DOI: 10.1145/3640346 2024

  Omniscient Video Super-Resolution with Explicit-Implicit Alignment

  Peng Yi, Zhongyuan Wang, Laigan Luo, Kui Jiang, Zheng He, Junjun Jiang, Tao Lu, Jiayi Ma