Abstract: A method (300) for linking a common vulnerability and exposure, CVE, (106) with at least one synthetic common platform enumeration, CPE, (112), wherein the CVE (106) comprises a summary of a vulnerability, is disclosed. The method (300) comprises: receiving (S302) the summary of the CVE (106) from a vulnerability database, VD, (104); extracting (S304) information from the summary of the CVE (106) using a Natural Language Processing, NLP, model; building (S306) at least one synthetic CPE (112) based on the extracted information; and linking (S308) the CVE (106) with the at least one synthetic CPE (112).
Abstract: Open-source software is prevalent in the development of new technologies. Monitoring software updates for vulnerabilities is expensive and time-consuming. Online discussions surrounding new software updates can often provide vital information regarding emerging risks. A novel approach is presented for automating surveillance of software through the use of natural language processing methods on open-source issues. Further, virtual adversarial training, a popular semi-supervised learning technique, is used to leverage the vast amounts of unlabeled data available to achieve improved performance. On industry data, it is found that a hierarchical attention network with virtual adversarial training that utilizes the innate document structure to encapsulate the text can be used with good results.
Type: Application
Filed: January 22, 2021
Publication date: February 2, 2023
Applicant: debricked AB
Inventors: Anton Duppils, Magnus Tullberg, Emil Wåreus
Abstract: A method for prioritizing among vulnerabilities in a software code for a user by using a server is presented. The method comprises: receiving a request, a software identification associated with the software code, and a user identification associated with the user from a user computer; fetching domain specific knowledge (DSK) data from a DSK database by using the software identification, wherein the DSK database comprises non-user defined features related to the vulnerabilities; fetching user specific knowledge (USK) data from a USK database by using the user identification, wherein the USK database comprises user defined features related to the vulnerabilities; determining utility estimations for the vulnerabilities, respectively, by comparing the vulnerabilities with the DSK data and comparing the vulnerabilities with the USK data; and transferring the utility estimations from the server to the user computer such that a prioritized list of vulnerabilities can be achieved.
Type: Application
Filed: April 7, 2020
Publication date: June 9, 2022
Applicant: debricked AB
Inventors: Linus Karlsson, Pegah Nikbakht Bideh, Martin Hell