The Beauty and the Beast: Vulnerability in Red Hat's Packages

Video Link: https://www.youtube.com/watch?v=UjVT1k8Vt00



Duration: 30:09


In an empirical study of 3241 Red Hat packages, we show that software vulnerabilities correlate with dependencies between packages. With formal concept analysis and statistical hypothesis testing, we identify dependencies that decrease the risk of vulnerabilities (beauties) or increase the risk (beasts). Using support vector machines on dependency data, our prediction models successfully and consistently catch about two thirds of vulnerable packages (median recall of 0.65). When our models predict a package as vulnerable, the prediction is correct more than eight times out of ten (median precision of 0.83). Out of 25 packages predicted to contain unknown vulnerabilities in January 2008, 9 needed fixing within six months, and another one was found to be vulnerable recently. Our findings help developers choose new dependencies wisely and make them aware of risky dependencies.

Joint work with Thomas Zimmermann (Microsoft Research).



