When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study - Open Source Software: Mobile Open Source Technologies (OSS 2014)
Conference Papers Year : 2014

When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study

Amiangshu Bosu
  • Function : Author
  • PersonId : 989654
Jeffrey C. Carver
  • Function : Author
  • PersonId : 989655
Munawar Hafiz
  • Function : Author
  • PersonId : 989711
Patrick Hilley
  • Function : Author
  • PersonId : 989712
Derek Janni
  • Function : Author
  • PersonId : 989713

Abstract

We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs.
Main file
978-3-642-55128-4_37_Chapter.pdf (4 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01373117, version 1 (28-09-2016)

Licence

Attribution

Cite

Amiangshu Bosu, Jeffrey C. Carver, Munawar Hafiz, Patrick Hilley, Derek Janni. When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study. 10th IFIP International Conference on Open Source Systems (OSS), May 2014, San José, Costa Rica. pp.234-236, ⟨10.1007/978-3-642-55128-4_37⟩. ⟨hal-01373117⟩