Conference papers

When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study

Abstract : We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs.
Document type :
Conference papers

Cited literature [2 references]

https://hal.inria.fr/hal-01373117
Contributor : Hal Ifip
Submitted on : Wednesday, September 28, 2016 - 10:51:14 AM
Last modification on : Thursday, August 22, 2019 - 2:04:01 PM
Long-term archiving on : Thursday, December 29, 2016 - 12:54:02 PM

File

978-3-642-55128-4_37_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Amiangshu Bosu, Jeffrey Carver, Munawar Hafiz, Patrick Hilley, Derek Janni. When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study. 10th IFIP International Conference on Open Source Systems (OSS), May 2014, San José, Costa Rica. pp.234-236, ⟨10.1007/978-3-642-55128-4_37⟩. ⟨hal-01373117⟩
