Some software vulnerability real-world data sets
Here are some of the software vulnerability real-world data sets.
The original real-world data sets, collected by Lin et al. (https://github.com/DanielLin1986/TransferRepresentationLearning), which contain the source codes of vulnerable and non-vulnerable functions obtained from six real-world software projects, namely FFmpeg, LibTIFF, LibPNG, VLC and Pidgin. These datasets cover both multimedia and image application categories.
To obtain our used data sets, we preprocess these data sets before inputting into the deep neural networks. Firstly, we standardize the source codes by removing comments, blank lines and non-ASCII characters. Secondly, we map user-defined variables to symbolic names (e.g., “var1”, “var2”) and user-defined functions to symbolic names (e.g., “func1”, “func2”). We also replace integers, real and hexadecimal numbers with a generic "number" token and strings with a generic "str" token. We use https://joern.readthedocs.io/en/latest/ to analyze the source codes to get user-defined variables and functions.