Public vulnerability discovery method and device based on open source basic library homology detection

The invention provides a public vulnerability discovery method and device based on open source basic library homology detection. The method comprises the steps of 1, constructing a fingerprint library of an open source basic library; 2, constructing a public vulnerability library corresponding to the open source basic library; 3, extracting fingerprint information of the to-be-tested binary file, and calculating homology similarity between the fingerprint information and all fingerprints in a pre-constructed fingerprint library to obtain basic library information of the to-be-tested binary file; and 4, performing matching from a pre-constructed public vulnerability library to obtain public vulnerability information corresponding to the basic library information. According to the method, the installation directories of various software programs can be automatically detected. 本发明提供一种基于开源基础库同源性检测的已公开漏洞发现方法与装置。该方法包括：步骤1：构建开源基础库的指纹库；步骤2：构建和开源基础库对应的已公开漏洞库；步骤3：提取待测二进制文件的指纹信息，计算所述指纹信息与预构建的指纹库中所有指纹之间的同源性相似度以得到待测二进制文件的