We implemented a model that runs on the Chromium project to make sure the vulnerability libraries that are defined in the National Vulnerability Database (NVD) contain the correct description. By choosing different Chrome versions, we used the tool mentioned to check any vulnerability in the database. We get the XML files that contain a list of vulnerabilities. Then, we determine whether a library has vulnerabilities or not. We selected Google Chrome as the project to be studied because it is one of the most popular OSS. Also, there are plenty of resources available such as design documents, architecture overviews, testing information that can be facilitated through its official platform.
##Read the paper for more details