Measuring the Occurrence of Security-Related Bugs through Software Evolution

by Mitropoulos, Dimitris and Gousios, Georgios and Spinellis, Diomidis

You can get a pre-print version from here.
You can view the publisher's page here.

Abstract

A security-related bug is a programming error that intro- duces a potentially exploitable weakness into a computer system. This weakness could lead to a security breach with unfortunate consequences. Version control systems provide an accurate historical record of the software code’s evolu- tion. In this paper we examine the frequency of the security-related bugs throughout the evolution of a software project by applying the FindBugs static analyzer on all versions of its revision history. We have applied our approach on four projects and we have come out with some interesting results including the fact that the number of the security-related bugs increase as the project evolves.

Bibtex record

@inproceedings{MGS12,
  title = {Measuring the Occurrence of Security-Related Bugs through Software
                 Evolution},
  author = {Mitropoulos, Dimitris and Gousios, Georgios and Spinellis, Diomidis},
  booktitle = {PCI 2012: Proceedings of 16th Panhellenic Conference on
                 Informatics},
  publisher = {IEEE Computer Society},
  year = {2012},
  doi = {10.1109/PCi.2012.15},
  pages = {117--122},
  url = {/pub/measuring-the-occurrence-of-security-related-bugs-through-software-evolution.pdf}
}

The paper