angler-fishThe Vulnerability History Project

Known Origin (VCC)

Do we have a vulnerability-contributing commit on record? A **vulnerability-contributing commit** is a commit that we believe is the origin of a vulnerability in source control. If a vulnerability has this tag, then we have found at least one VCC for it. We use a modified version of the [SZZ algorithm]( using the [archeogit]( built by Nuthan Munaiah to identify VCCs. In short, this algorithm uses `git blame` functionality to trace individual lines of code back to their origins. Curators are asked to verify if the VCCs are valid, so these have manual curations as well.


    There are no articles here... yet