Can Knowledge of Technical Debt Help Identify Software Vulnerabilities?
Abstract
Software vulnerabilities originating from design decisions are hard to find early and time consuming to fix later. We investigated whether the problematic design decisions themselves might be relatively easier to find, based on the concept of “technical debt,” i.e., design or implementation constructs that are expedient in the short term but make future changes and fixes more costly. If so, can knowing which components contain technical debt help developers identify and manage certain classes of vulnerabilities? This paper provides our approach for using knowledge of technical debt to identify software vulnerabilities that are difficult to find using only static analysis of the code. We present initial findings from a study of the Chromium open source project that motivates the need to examine a combination of evidence: quantitative static analysis of anomalies in code, qualitative classification of design consequences in issue trackers, and software development indicators in the commit history.
Similar resources
Gamification: a Game Changer for Managing Technical Debt? A Design Study
Context: Technical debt management is challenging for software engineers due to poor tool support and a lack of knowledge on how to prioritize technical debt repayment and prevention activities. Furthermore, when there is a large backlog of debt, developers often lack the motivation to address it. Objective: In this paper, we describe a design study to investigate how gamification can support T...
Developing Processes to Increase Technical Debt Visibility and Manageability - An Action Research Study in Industry
The knowledge on technical debt and its management has increased in recent years. The interest of academia and industry has generated many viewpoints on technical debt. Technical debt management consists of technical and organizational aspects, which make it a challenge in software development. To increase technical debt visibility and manageability, new processes must be developed and thorough...
Detecting Technical Debt through Issue Trackers
Managing technical debt effectively to prevent it from accumulating too quickly is of great concern to software stakeholders. To pay off technical debt regularly, software developers must be conscious of the existence of technical debt items. The first step is to make technical debt explicit; that is the identification of technical debt. Although there exist many kinds of static source code ana...
Database Normalization Debt: A Debt-Aware Approach to Reason about Normalization Decisions in Database Design
Technical debt is a metaphor that describes the long-term effects of shortcuts taken in software development activities to achieve near-term goals. In this study, we explore a new context of technical debt that relates to database normalization design decisions. We posit that ill-normalized databases can have long-term ramifications on data quality and maintainability costs over time, just like ...
TD-Manager: a tool for managing technical debt through integrated catalog
Technical debt is an emergent area that has stimulated academic concern; its practical application covers development activities such as documentation, design, code and test. However, a literature review pointed out an integration gap between identifying and accurately cataloging technical debt. It also mentioned a number of tools for most activities in the software development process that could identi...