The presence of vulnerabilities in software is conventionally cited as one factor behind cyber attacks and malware infections. A vulnerability is a software bug that a third party is able to use in malicious acts. Countermeasures such as software developers finding and correcting vulnerabilities earlier than attackers do are therefore becoming increasingly important. One method of finding vulnerabilities present in software uses code clones. Code clones are similar or matching pieces of program code present in software. They are usually generated when a software developer, in order to realize particular functions, copies source code from another program having similar functions and pastes it into the program under development.
For example, if a vulnerability is found in the source code of a copy source, a software developer needs to correct not only the source code of the copy source but also the source code of each copy destination. However, even if a vulnerability is found in the source code of the copy source, correcting the vulnerability in software developed by use of the code clones is difficult unless the developer knows all of the code clones of the vulnerable code. The method of finding vulnerabilities by use of code clones finds unknown vulnerabilities present in software to be inspected by finding, in that software, code clones of a part already found to be vulnerable.
For example, Non-Patent Literature 1 describes a method that applies a technique for detecting code clones in source code to finding vulnerabilities in software. Specifically, in this method, the source code of a vulnerable part is extracted from software in which a vulnerability was found in the past, and a code clone of the vulnerable part included in the software to be inspected is found by matching pieces of that source code against the source code of the software to be inspected. Non-Patent Literature 2 describes a technique for detecting code clones that targets program code obtained from a file in executable format.
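The source-level matching described above can be sketched as follows. This is an added example, not code from this document or from Non-Patent Literature 1; the matching technique (windows of normalized tokens), the function names and both C snippets are assumptions constructed for illustration.

```python
import re

# Constructed sample data: a vulnerable part taken from previously analysed
# software, and source code of the software to be inspected.
VULNERABLE_PART = """
    char buf[16];
    strcpy(buf, input);      /* unbounded copy into a fixed buffer */
    log_msg(buf);
"""
TARGET = """
int handle(const char *req) {
    char tmp[64];            // renamed variable, different size
    strcpy(tmp, req);
    log_msg(tmp);
    return 0;
}
"""
KEYWORDS = {"if", "else", "for", "while", "return", "char", "int", "void",
            "const", "unsigned", "sizeof", "struct", "static"}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|\d+|\S')

def normalize(source):
    """Return [(token, line_no)]; comments dropped, names and literals abstracted."""
    source = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), source, flags=re.S)
    source = re.sub(r"//[^\n]*", "", source)
    out = []
    for line_no, line in enumerate(source.splitlines(), 1):
        toks = TOKEN.findall(line)
        for i, tok in enumerate(toks):
            is_call = toks[i + 1:i + 2] == ["("]
            if tok[0] == '"':
                tok = "STR"
            elif tok.isdigit():
                tok = "NUM"
            elif re.match(r"[A-Za-z_]", tok) and tok not in KEYWORDS and not is_call:
                tok = "ID"   # variable names abstracted; callee names are kept
            out.append((tok, line_no))
    return out

def find_clone(vulnerable, target, k=6):
    """Return (coverage, target lines) for k-token windows shared with the vulnerable part."""
    vuln, tgt = normalize(vulnerable), normalize(target)
    sigs = {tuple(t for t, _ in vuln[i:i + k]) for i in range(len(vuln) - k + 1)}
    seen, lines = set(), set()
    for i in range(len(tgt) - k + 1):
        window = tuple(t for t, _ in tgt[i:i + k])
        if window in sigs:
            seen.add(window)
            lines.update(n for _, n in tgt[i:i + k])
    return (len(seen) / len(sigs) if sigs else 0.0), sorted(lines)

if __name__ == "__main__":
    print(find_clone(VULNERABLE_PART, TARGET))
```

Short windows also occur in unrelated code, so a finding should rest on high coverage of the vulnerable part rather than on a single shared window.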