MbrlCatalogueTitleDetail

Do you wish to reserve the book?
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
by Meneely, A. , Osborne, J. A. , Williams, L. , Yonghee Shin
in Analysis / Browsers (computer) / Case studies / Charge coupled devices / Complexity / Complexity theory / Computer programs / Developers / Digital Object Identifier / Fault diagnosis / Fault prediction / Inspection / Linux / Predictive models / Security / Software / Software engineering / software metrics / Software quality / Software security / Source code / Studies / vulnerability prediction / Web browsers
2011
Yes Please
Hey, we have placed the reservation for you!
Hey, we have placed the reservation for you!
By the way, why not check out events that you can attend while you pick your title.
You are currently in the queue to collect this book. You will be notified once it is your turn to collect the book.
Done
Oops! Something went wrong.
Oops! Something went wrong.
Looks like we were not able to place the reservation. Kindly try again later.
Done
Are you sure you want to remove the book from the shelf?
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
by Meneely, A. , Osborne, J. A. , Williams, L. , Yonghee Shin
in Analysis / Browsers (computer) / Case studies / Charge coupled devices / Complexity / Complexity theory / Computer programs / Developers / Digital Object Identifier / Fault diagnosis / Fault prediction / Inspection / Linux / Predictive models / Security / Software / Software engineering / software metrics / Software quality / Software security / Source code / Studies / vulnerability prediction / Web browsers
2011
Confirm
Oops! Something went wrong.
Oops! Something went wrong.
While trying to remove the title from your shelf something went wrong :( Kindly try again later!
Done
Title added to your shelf!
Title added to your shelf!
View what I already have on My Shelf.
Thanks
Oops! Something went wrong.
Oops! Something went wrong.
While trying to add the title to your shelf something went wrong :( Kindly try again later!
Done
Do you wish to request the book?
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
by Meneely, A. , Osborne, J. A. , Williams, L. , Yonghee Shin
in Analysis / Browsers (computer) / Case studies / Charge coupled devices / Complexity / Complexity theory / Computer programs / Developers / Digital Object Identifier / Fault diagnosis / Fault prediction / Inspection / Linux / Predictive models / Security / Software / Software engineering / software metrics / Software quality / Software security / Source code / Studies / vulnerability prediction / Web browsers
2011

Please be aware that the book you have requested cannot be checked out. If you would like to checkout this book, you can reserve another copy
How would you like to get it?
We have requested the book for you! Sorry the robot delivery is not available at the moment
Submit
We have requested the book for you!
We have requested the book for you!
Your request is successful and it will be processed during the Library working hours. Please check the status of your request in My Requests.
Done
Oops! Something went wrong.
Oops! Something went wrong.
Looks like we were not able to place your request. Kindly try again later.
Done
Mohammed Bin Rashid Library /
Catalogue /
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities
Journal Article

Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities

Meneely, A.,
Osborne, J. A.,
Williams, L.,
Yonghee Shin
2011
Request Book From Autostore and Choose the Collection Method
Overview
Security inspection and testing require experts in security who think like an attacker. Security experts need to know code locations on which to focus their testing and inspection efforts. Since vulnerabilities are rare occurrences, locating vulnerable code locations can be a challenging task. We investigated whether software metrics obtained from source code and development history are discriminative and predictive of vulnerable code locations. If so, security experts can use this prediction to prioritize security inspection and testing efforts. The metrics we investigated fall into three categories: complexity, code churn, and developer activity metrics. We performed two empirical case studies on large, widely used open-source projects: the Mozilla Firefox web browser and the Red Hat Enterprise Linux kernel. The results indicate that 24 of the 28 metrics collected are discriminative of vulnerabilities for both projects. The models using all three types of metrics together predicted over 80 percent of the known vulnerable files with less than 25 percent false positives for both projects. Compared to a random selection of files for inspection and testing, these models would have reduced the number of files and the number of lines of code to inspect or test by over 71 and 28 percent, respectively, for both projects.
Share this book
Add to My Shelf
Publisher
IEEE,IEEE Computer Society
Subject

Analysis

/ Browsers (computer)

/ Case studies

/ Charge coupled devices

/ Complexity

/ Complexity theory

/ Computer programs

/ Developers

/ Digital Object Identifier

/ Fault diagnosis

/ Fault prediction

/ Inspection

/ Linux

/ Predictive models

/ Security

/ Software

/ Software engineering

/ software metrics

/ Software quality

/ Software security

/ Source code

/ Studies

/ vulnerability prediction

/ Web browsers

MBRLCatalogueRelatedBooks

Related Items

Related Items

The secret life of programs : understand computers - craft better code
Steinhart, Jon, author
Expanding the horizon of electroacoustic music analysis
Emmerson, Simon, 1950-, Landy, Leigh, 1951-
Introduction to MATLAB for engineers and scientists : solutions for numerical computation and modeling
Nagar, Sandeep, author
Introduction to FORTRAN
Introduction to FORTRAN
Kallin, Sten, 1928- author
MATLAB for dummies
Sizemore, Jim, Mueller, John, 1958-
Numerical methods in \C\ : for engineering degree students
Numerical methods in \C\ : for engineering degree students
Kori, J. G. author