The Evolution and Decay of Statically Detected Source Code Vulnerabilities

Penta, Massimiliano Di; Cerulo, Luigi

doi:10.1109/scam.2008.20

Cited by 9 publications

(10 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 3-b shows the median LDA and Unix diff accuracy over the experiments performed, and the interquartile range (between the third and first quartile). We tested the significance of the obtained results, by using a two-tailed 2 Mann-Whitney test. The LDA algorithm exhibits significantly higher performances in the identification of changed lines (p-value<0.001), while the Unix diff performs better in the 1 Since we are expecting improvements over subsequent steps.…”

Section: Performances Of the Line Differencing Algorithmmentioning

confidence: 99%

“…The LDA algorithm exhibits significantly higher performances in the identification of changed lines (p-value<0.001), while the Unix diff performs better in the 1 Since we are expecting improvements over subsequent steps. 2 Since we do not know a-priori whether ldiff performs better than the Unix diff. identification of added and deleted lines (p-value=0.009 and <0.0001 respectively) because ldiff classifies added and deleted lines as potential changed lines, causing an increment of both false negatives and positives.…”

Section: Performances Of the Line Differencing Algorithmmentioning

confidence: 99%

“…Figure 4-b compares the decay time of different kinds of vulnerabilities detected by Splint in the Squid Web proxy 8 source code, and indicates how vulnerabilities such as buffer overflows and memory allocation problems are removed quicker than others. In addition, it would be possible to model the vulnerability decay by means of a probability distribution, or to estimate the likelihood a vulnerability has to be removed [2]: we found that for some vulnerability categories (e.g., buffer overflows) the likelihood a vulnerability has to disappear from the system exponentially decreases with the time.…”

Section: Do Developers Take Care Of Potentially Vulnerable Instructions?mentioning

confidence: 99%

See 2 more Smart Citations

Tracking Your Changes: A Language-Independent Approach

2009

Self Cite

View full text Add to dashboard Cite

The availability of powerful differencing algorithms is crucial to track the evolution of source code, for example with the purpose of monitoring clones or vulnerable statements. In this paper we present a language-independent approach to track the evolution of code fragments, based on a novel differencing algorithm, that overcomes limitations of the Unix diff. We show how the algorithm is able to track the evolution of code elements in real-world software systems with acceptable precision, and provide examples-such as clone tracking and vulnerability tracking-where the algorithm has been successfully applied.

show abstract

Section: Performances Of the Line Differencing Algorithmmentioning

confidence: 99%

Section: Performances Of the Line Differencing Algorithmmentioning

confidence: 99%

Section: Do Developers Take Care Of Potentially Vulnerable Instructions?mentioning

confidence: 99%

See 1 more Smart Citation

Tracking Your Changes: A Language-Independent Approach

2009

Self Cite

View full text Add to dashboard Cite

show abstract

“…In a companion paper [32] we presented a preliminary version of this work. The present paper extends the previous one by analyzing how and in what context vulnerabilities are removed, and to what extent developers document such removals.…”

Section: Maintenance Of Vulnerable Codementioning

confidence: 99%

The life and death of statically detected vulnerabilities: An empirical study

Penta

Cerulo

2009

Information and Software Technology

Self Cite

View full text Add to dashboard Cite

“…Using this framework, different kinds of studies have been conducted, among others (i) to investigate the changeability design patterns [1]; (ii) to analyze the maintenance of clones (preliminary results limited to manual analysis are reported in [2]); and (iii) to investigate on the evolution and decay of vulnerabilities in network applications [15].…”

Section: Achievementsmentioning

confidence: 99%

METAMORPHOS: MEthods and Tools for migrAting software systeMs towards web and service Oriented aRchitectures: exPerimental evaluation, usability, and tecHnOlogy tranSfer

Lucia

Penta

Lanubile

et al. 2009

2009 13th European Conference on Software Maintenance and Reengineering

View full text Add to dashboard Cite

The project METAMORPHOS is a two-year Italian research project, funded by the Ministry of University and Research, aimed at facilitating the selection and the adoption of reverse engineering and migration techniques and tools in industry. To pursue such an objective, the project aims at empirically evaluating techniques and tools that can potentially fulfill industry needs. The project focuses in particular on migration activities towards distributed architecturessuch as Web-based and service-oriented-and mobile devices that are nowadays gaining an increasing diffusion and central role.

show abstract

The Evolution and Decay of Statically Detected Source Code Vulnerabilities

Abstract: Abstract

Cited by 9 publications

References 22 publications

Tracking Your Changes: A Language-Independent Approach

Tracking Your Changes: A Language-Independent Approach

The life and death of statically detected vulnerabilities: An empirical study

METAMORPHOS: MEthods and Tools for migrAting software systeMs towards web and service Oriented aRchitectures: exPerimental evaluation, usability, and tecHnOlogy tranSfer

Contact Info

Product

Resources

About