Config Files for Visual Code Grepper to Catch Crypto vulnerabilities
These are congfig files for Visual Code Grepper that capture common cryptographic vulnerabilties. In aggregate, we added 90 new checks to VCG's config files. These represent over 65 deprecated or vulnerable method names, from 33 commonly used libraries. The error message were specifically designed to be as informative as possible, and to aid the developer in rapidly ruling out potential false positives.
Cite as: Raphael Khoury, J ́er ́emy Bolduc, Jason Lafreniere-Nickopoulos, Abdel-Gany Odedele, "Analysis of Cryptographic CVEs: Lessons Learned and Perspectives", Accepted for presentation at the 16th International Symposium on Foundations & Practice of Security (FPS – 2023), Bordeaxu, Fracne, Décembre 2023.