Search papers, labs, and topics across Lattice.
The EVerest dataset provides a comprehensive multi-artifact resource for secure software engineering, encompassing requirements, architecture, and code with detailed security labels. It includes 84 security requirements, 1,445 fine-grained security elements, and links to the EVerest software architecture, facilitating advanced research in security verification and classification. Notably, the dataset's creation led to the identification and remediation of a real security vulnerability (CWE-1295), underscoring its practical relevance.
A single dataset bridges the gap between security requirements, architecture, and code, enabling a new frontier in secure software engineering research.
End-to-end security verification, from requirements through architecture to code, requires datasets that span all three artifact types with fine-grained security labels. No existing dataset provides this combination. We present the EVerest dataset, a multi-artifact resource based on EVerest, an industry-driven open-source software stack for electric vehicle charging stations. The dataset includes 84 manually elicited security requirements annotated with security objectives, 1,445 fine-grained security elements (components, entities, data, data flows, states, etc.), acceptance windows, coreferences, and architectural trace links, as well as the EVerest software architecture model, source code, and natural language documentation. It enables research on security requirements classification, named entity recognition, architectural trace linking, and design-time or code-level security verification. During dataset creation, a real security weakness (CWE-1295) was identified, disclosed to the project maintainers, and subsequently fixed. The dataset is publicly available. A short video is available at https://youtu.be/pnn1uqpomvQ.