Software vulnerability prediction: A systematic mapping study

Software security is considered a major aspect of software quality as the number discovered vulnerabilities in products growing. Vulnerability prediction mechanism that helps engineers to prioritize their inspection efforts focusing on vulnerable parts. Despite recent advancements, current literature lacks systematic mapping study vulnerability prediction. This paper aims analyze state-of-the-art on: (a) goals prediction-related studies; (b) data collection processes and types datasets exist literature; (c) mostly examined techniques for construction models input features; (d) utilized evaluation techniques. We collected 180 primary studies following broad search methodology across four popular digital libraries. mapped these variables interest we identified trends relationships between studies. The main findings suggest that: (i) there are two types, components forecasting evolution software; (ii) most construct own vulnerability-related dataset retrieving information from databases real-world (iii) growing deep learning along with trend textual source code representation; (iv) F1-score was found be widely used metric. results our indicate several open challenges domain One conclusions, fact focus within-project prediction, neglecting scenario cross-project