Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
Authors
Abstract
Similar resources
Evaluating Software Metrics as Predictors of Software Vulnerabilities
Web application security is an important problem in today’s Internet. A major cause of this is that many developers are not equipped with the right skills to develop secure code. Because of limited time and resources, web engineers need help in recognizing vulnerable components. A useful approach to predict vulnerable code would allow them to prioritize security-auditing efforts. In this work, ...
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
Design Churn as Predictor of Vulnerabilities?
This paper evaluates a metric suite to predict vulnerable Java classes based on how much the design of an application has changed over time. We refer to this concept as design churn in analogy with code churn. Based on a validation on 10 Android applications, we show that several design churn metrics are in fact significantly associated with vulnerabilities. When used to build a prediction mode...
Understanding developer resistance to software metrics
There is plenty of good advice available on best practices and enablers of successful measurement programs. Planners and implementers of these programs, however, continue to grapple with push back from developers. This resistance often stems from developers’ distrust of the metrics process and a lack of belief that metrics will be useful, amongst other factors. To help organizations pin-point t...
Software Developer Activity as a Source for Identifying Hidden Source Code Dependencies
Connections between source code components are important to know in the whole software life. Traditionally, we use syntactic analysis to identify source code dependencies which may not be sufficient in cases of dynamically typed programming languages, loosely coupled components or when multiple programming languages are combined. We aim at using developer activity as a source for identifying im...
Journal
Journal title: IEEE Transactions on Software Engineering
Year: 2011
ISSN: 0098-5589
DOI: 10.1109/tse.2010.81