Is There a Prophet Who Can Predict Software Vulnerabilities?

Abstract

Shortcuts in software development generate technical debt and software vulnerabilities. We propose a framework that will allow stakeholders an effective way to forecast the trend in software vulnerabilities and allow stakeholders to provide the necessary resources to reduce the attack surface and the probability of software failure. We demonstrated that our method can forecast vulnerabilities in several open-source projects, and seasonality in daily, monthly, and yearly total vulnerabilities. Our preliminary results indicate that we can use forecasting methods up to 90 days out with accuracy. In this paper, we present our technique, methodology of preparation of inputs for the proposed artificial intelligence model, and the results of analysis of three open source projects.