Module size distribution and defect density

Malaiya, Yashwant K.; Denton, J.

doi:10.1109/issre.2000.885861

Cited by 33 publications

(39 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some previous literature has considered the size factor as a possible connection to defect-density [15][16] [17]. We do not currently possess detailed data on the subsystems of the DCF application, but what can be seen from the size data presented here is that there is a difference in size between the DCF application and the JEF framework, with the DCF application being larger over all three releases (see Table 1 and Table 2).…”

Section: Rq1: How Does the Defect-density For The Reusable Framework mentioning

confidence: 78%

See 1 more Smart Citation

A Case Study of Defect-Density and Change-Density and their Progress over Time

Gupta

Slyngstad

Conradi

et al. 2007

11th European Conference on Software Maintenance and Reengineering (CSMR'07)

View full text Add to dashboard Cite

show abstract

Section: Rq1: How Does the Defect-density For The Reusable Framework mentioning

confidence: 78%

“…Another study by Malaiya and Denton analyzed several studies, introducing a theory of an ideal module size which adheres to the scale of economy [17]. Their theory is based on two dimensions; (1) the division of software into modules and (2) their individual implementation.…”

Section: Related Workmentioning

confidence: 99%

A Case Study of Defect-Density and Change-Density and their Progress over Time

Gupta

Slyngstad

Conradi

et al. 2007

11th European Conference on Software Maintenance and Reengineering (CSMR'07)

View full text Add to dashboard Cite

show abstract

“…Techniques need to be developed for modeling this overlap in order to achieve higher accuracy. We would like to be able to project the expected number of vulnerabilities that will be found during the major part of the lifetime of a release, using early data and a model like the one given in Equation 5. This would require an understanding of the three parameters involved and developing methods for robust estimation.…”

Section: Linux Operating Systemmentioning

confidence: 99%

“…Methods have been developed to project the mean time to failure (MTTF) or the failure rate that will occur after a specific period of testing . Software defect density [5,6,7] has been a widely used metric to measure the quality of a program and is often used as a release criterion for a software project. Very little quantitative work has been done to characterize security vulnerabilities along the same lines.…”

Section: Introductionmentioning

confidence: 99%

Security Vulnerabilities in Software Systems: A Quantitative Perspective

Alhazmi

Malaiya

Ray

2005

Data and Applications Security XIX

View full text Add to dashboard Cite

Abstract. Security and reliability are important attributes of complex software systems. It is now common to use quantitative methods for evaluating and managing reliability. In this work we examine the feasibility of quantitatively characterizing some aspects of security.In particular, we investigate if it is possible to predict the number of vulnerabilities that can potentially be identified in a future release of a software system. We use several major operating systems as representatives of complex software systems. The data on vulnerabilities discovered in some of the popular operating systems is analyzed. We examine this data to determine if the density of vulnerabilities in a program is a useful measure. We try to identify what fraction of software defects are security related, i.e., are vulnerabilities. We examine the dynamics of vulnerability discovery hypothesizing that it may lead us to an estimate of the magnitude of the undiscovered vulnerabilities still present in the system. We consider the vulnerability-discovery rate to see if models can be developed to project future trends. Finally, we use the data for both commercial and open-source systems to determine whether the key observations are generally applicable. Our results indicate that the values of vulnerability densities fall within a range of values, just like the commonly used measure of defect density for general defects. Our examination also reveals that vulnerability discovery may be influenced by several factors including sharing of codes between successive versions of a software system.

show abstract

“…The lower the density of defects (per thousand lines of code), the better the code quality. Defect density may vary within software systems depending on quality and complexity of each of the individual subsystems, though work [8] has been undertaken to address this difficulty in quantification.…”

Section: Maintainability Evaluationmentioning

confidence: 99%