When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study

Abstract: We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs.
Document type:
Conference paper
Luis Corral; Alberto Sillitti; Giancarlo Succi; Jelena Vlasenko; Anthony I. Wasserman. 10th IFIP International Conference on Open Source Systems (OSS), May 2014, San José, Costa Rica. Springer, IFIP Advances in Information and Communication Technology, AICT-427, pp.234-236, 2014, Open Source Software: Mobile Open Source Technologies. 〈10.1007/978-3-642-55128-4_37〉

https://hal.inria.fr/hal-01373117
Contributor: Hal Ifip
Submitted on: Wednesday, September 28, 2016 - 10:51:14
Last modified on: Wednesday, December 27, 2017 - 16:48:03
Document(s) archived on: Thursday, December 29, 2016 - 12:54:02

File

978-3-642-55128-4_37_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Amiangshu Bosu, Jeffrey Carver, Munawar Hafiz, Patrick Hilley, Derek Janni. When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study. Luis Corral; Alberto Sillitti; Giancarlo Succi; Jelena Vlasenko; Anthony I. Wasserman. 10th IFIP International Conference on Open Source Systems (OSS), May 2014, San José, Costa Rica. Springer, IFIP Advances in Information and Communication Technology, AICT-427, pp.234-236, 2014, Open Source Software: Mobile Open Source Technologies. 〈10.1007/978-3-642-55128-4_37〉. 〈hal-01373117〉
