Thu 5 Nov 2020 16:20 - 16:40 at Virtual room 1 - Defect

Vulnerability detection is an important challenge in the security community. Many different techniques have been proposed, ranging from symbolic execution to fuzzing, to help identify vulnerabilities. Even though these approaches have improved considerably, they perform poorly on large-scale code bases. An alternative approach calculates metrics on the overall code structure in the hope of identifying code segments more prone to vulnerabilities. The logic has been that more complex code is more likely to contain vulnerabilities.

In this paper, we conduct an empirical study with a large dataset of vulnerable code to discuss whether we can change the way we measure metrics to improve vulnerability characterization. More specifically, we introduce vulnerable slices as vulnerable code units on which to measure software metrics, and then use these newly measured metrics to classify vulnerable code. The results show that vulnerable slices significantly increase the accuracy of vulnerability characterization. Further, we use vulnerable slices to analyze the distribution of known vulnerabilities, particularly to observe how size and complexity change in real-world vulnerabilities when vulnerable slices are used.

Thu 5 Nov

Displayed time zone: (UTC) Coordinated Universal Time

16:00 - 16:40
16:00
20m
Talk
Software Defect Prediction using Tree-Based Ensembles
PROMISE 2020
Hamoud Aljamaan King Fahd University of Petroleum and Minerals, Amal Alazba King Saud University
16:20
20m
Talk
Improving Real-World Vulnerability Characterization with Vulnerable Slices
PROMISE 2020
Solmaz Salimi Sharif University of Technology, Maryam Ebrahimzadeh Sharif University of Technology, Mehdi Kharrazi Sharif University of Technology