Proceedings of the 2010 ACM Symposium on Applied Computing 2010
DOI: 10.1145/1774088.1774504

Can complexity, coupling, and cohesion metrics be used as early indicators of vulnerabilities?

Cited by 77 publications
(62 citation statements)
References 14 publications
“…: Chowdhury and Zulkernine [17] in their study show that there is a correlation between code complexity and the appearance of vulnerabilities. Thus, we measure the complexity of the functions that were changed to remove the vulnerability and compare it with the complexity of the other functions located in the same source code file trying to see if we find the same correlation with Android vulnerabilities.…”
Section: ) Component Analysis | mentioning
confidence: 92%
“…Although it is a relatively new area of research, a great number of VPMs has already been proposed in the related literature. As stated in [9], the main VPMs that can be found in the literature utilize software metrics [13][14][15][16][17][18][19][20][21][22], text mining [23][24][25][26][27][28], and security-related static analysis alerts [10,[29][30][31][32]] to predict vulnerabilities. These types of VPMs are analyzed in the rest of this section.…”
Section: Vulnerability Prediction Modeling | mentioning
confidence: 99%
“…The weak relationship that was generally observed between complexity and vulnerabilities led to the need for incorporating additional metrics in vulnerability prediction. Towards this end, Chowdhury and Zulkernine [17], based on 52 releases of Mozilla Firefox, highlighted the ability of complexity, coupling, and cohesion (CCC) metrics to indicate the existence of vulnerabilities in software files. Based on this observation, the same authors proposed a framework for the automatic prediction of vulnerable files based on CCC metrics [18].…”
Section: Vulnerability Prediction Modeling | mentioning
confidence: 99%
“…However, heuristic approaches could be explored. For example, Chowdhury and Zulkernine [32] find that software complexity, coupling, and cohesion metrics are correlated to vulnerabilities at a statistically significant level. While their research was focused on web browsers, an investigation of the applicability of the approach to operating system-scale software could be undertaken as one means to generate independent data for comparison to equation (5).…”
Section: B Future Work | mentioning
confidence: 99%