As described in our research paper (RQ4), we aim to show the practicality of PatchFinder in real-world contexts.
By our submission to ISSTA 2024, PatchFinder identified 533 patch commits of these CVEs. We submitted 172* of these commits to the official CVE Numbering Authorities (CNAs), of which 135 received official acknowledgment. The others are pending confirmation.
As a note of transparency and in line with responsible disclosure practices, we have temporarily withheld certain patch commits pending submission to the CVE CNAs in the Google sheet below. We will disclose these once we have coordinated with the relevant parties and ensured all best practices are adhered to.
*In response to the CVE Numbering Authorities' need for detailed information on each patch commit, we've implemented a rigorous manual review process. This involves engaging the first two authors of each patch to ensure that every submission is backed with thorough evidence and materials. Our approach is particularly crucial for patches that don't clearly state their identity, requiring a keen analysis of the subtle nuances in code differences. By doing so, we aim not only to maintain the highest standards of accuracy but also to significantly reduce the workload for the CVE teams, avoid overloading security teams such as those at GitHub, and streamline the CVE processing pipeline.
NEW! December 10, 2023
In recognition that not all CNAs prioritize updating patch commits for disclosed CVEs, we have adapted our approach to better support the community. Following the guidance of the GitHub Advisory Database, we now focus on submitting our new patch commits directly to the GitHub Advisory Database.
🎉 This initiative has led to the submission of another 37 patch commits, with 35 already confirmed and merged into the GitHub Advisory Database, contributing positively to the broader ecosystem.
As of January 25, 2024, we have submitted 300 patch commits PatchFinder found to the official CNAs, of which 264 received official acknowledgment (details in the Google Sheet below)! The others are pending confirmation.
As of Mar. 8th, 2024, we have submitted 533 patch commits PatchFinder found to the official CNAs, of which 483 received official acknowledgment (details in the Google Sheet below)! The others are pending confirmation.
NEW!🎉 As of May 20th, 2024, we have extended our experiments and submitted 700 patch commits PatchFinder found to the official CNAs, of which 600 received official acknowledgment (details in the Google Sheet below)! The others are pending confirmation.
NEW!🎉 As of Sep. 1st, 2024, we have extended our experiments and submitted 750 patch commits PatchFinder found to the official CNAs, of which 631 received official acknowledgment (details in the Google Sheet below)! The others are pending confirmation.
Stay informed about our ongoing efforts! 🤖
🎯 By leveraging PatchFinder, we are committed to enhancing cybersecurity by ensuring the integrity and reliability of these security patches.