An Empirical Model to Predict Security Vulnerabilities using Code Complexity Metrics

Cited by: 0
Authors
Shin, Yonghee [1 ]
Williams, Laurie [1 ]
Affiliations
[1] N Carolina State Univ, Dept Comp Sci, Raleigh, NC 27695 USA
Source
ESEM'08: PROCEEDINGS OF THE 2008 ACM-IEEE INTERNATIONAL SYMPOSIUM ON EMPIRICAL SOFTWARE ENGINEERING AND MEASUREMENT | 2008
Keywords
Measurement; Reliability; Security;
DOI
Not available
Chinese Library Classification
TP31 [Computer software];
Discipline Classification
081202 ; 0835 ;
Abstract
Complexity is often hypothesized to be the enemy of software security. If this hypothesis is true, complexity metrics may be used to predict the locale of security problems and can be used to prioritize inspection and testing efforts. We performed statistical analysis on nine complexity metrics from the JavaScript Engine in the Mozilla application framework to find differences in code metrics between vulnerable and non-vulnerable code and to predict vulnerabilities. Our initial results show that complexity metrics can predict vulnerabilities at a low false positive rate, but at a high false negative rate.
Pages: 315 / 317
Page count: 3