C3-VULMAP: A Dataset for Privacy-Aware Vulnerability Detection in Healthcare Systems

We introduce C3-VULMAP, a novel dataset designed to advance privacy-aware vulnerability detection in healthcare systems, addressing the critical need for secure software amid increasing cyber threats to sensitive patient data. By integrating the LINDDUN privacy threat modelling framework with Common Weakness Enumeration (CWE) classifications, we systematically map privacy-specific vulnerabilities in C/C++ code, focusing on healthcare applications such as electronic health records and medical devices. We aggregate real-world and synthetic vulnerability data from diverse sources, creating a comprehensive dataset of vulnerable and non-vulnerable functions across 776 CWE types. We evaluate our dataset using graph neural networks, transformer-based models, and traditional machine learning approaches, achieving high precision and recall, with RoBERTa and Reveal models excelling in detecting Linkability and Identifiability threats (F1-scores up to 0.9968). Our results demonstrate a superior generalization of the dataset for healthcare contexts compared to generic datasets, enabling robust, compliance-driven vulnerability detection. This dataset bridges the gap between privacy and security engineering, offering a foundational resource for developing trustworthy healthcare software and fostering collaborative advancements in cybersecurity research.