Vulnerability or Defect detection is a major problem in software engineering. Of late, many new ML models have been proposed to solve this problem. To help research in this area, we recently released the D2A dataset which is based on Infer Static Analyzer bug reports for real-world C programming language data. D2A goes one step further and performs a differential analysis by comparing the before (potential vulnerability) and after (fix of the vulnerability) versions to make an assessment and label the before version as vulnerable if it detects a change compared to the after version. Through this leaderboard we explore multiple ways to solve the vulnerability detection problem by identifying the real vulnerabilities amongst the many possibilities generated by static analysis.

From the D2A dataset we have extracted three types of data:
1. Infer Bug Reports (Trace)
2. Bug function source code (Function)
3. Bug function source code, trace functions source code and bug function file URL (Code).

From these three types of data we have created 4 real-bug prediction tasks:
1. Code + Trace
2. Trace
3. Code
4. Function.

Since the Function dataset is balanced, we use Accuracy to evaluate the results. For the other unbalanced datasets we use F1 and AUROC. More details on the data and the metrics can be found here.
To correctly identify a defect or vulnerability we believe that the model must be able to extract features from different types of data. And since most vulnerabilities are spread across multiple functions, it's also important for the model to be able to perform inter-procedural feature extraction. The Trace data is a combination of natural language and source code. Code data contains source code for the multiple functions found in the Trace. This leaderboard should demonstrate the success of models to detect the real vulnerabilities in each of these tasks.