When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study

Authors

  • Amiangshu Bosu
  • Jeffrey C. Carver
  • Munawar Hafiz
  • Patrick Hilley
  • Derek Janni
Abstract

We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs.


Similar resources

Do More Experienced Developers Introduce Fewer Bugs?

Developer experience is a common matter of study in the software maintenance and evolution research literature. However it is still not well understood if less experienced developers are more prone to introduce errors in the source code than their more experienced colleagues. This paper aims to study the relationships between experience and the bug introduction ratio using the Mozilla community...


Organizational Circumstances for Large-scale Refactoring in Open Source Software (OSS) production

As software projects evolve over time, source code inherently becomes more complicated and tends to drift away from its original structure envisaged by the project founder. Uncontrolled software complexity makes it difficult to comprehend, modify code, and maintain sustainable level of OSS developers. Faced with challenges of increasingly complicated software design, software refactoring can be ...


Social Preferences and Open Source Software Development

Open source software (OSS), and open innovation in general, has received increasing attention from both researchers and practitioners. Based on recent literature on social preference from behavior economics, we propose a finite-horizon dynamic model to study the interactions between OSS developers who are either purely self-interested or conditional cooperators. We find that self-interested deve...


An Exploratory Study of Open Source Software Development Team Structure

We examine the structure of Open Source Software (OSS) development teams as part of a project on success factors for distributed work teams. Several authors have described OSS teams as having a hierarchical structure: a small team of core developers who oversee the development and contribute most of the code, a larger group of co-developers who contribute sporadically by reviewing or modifying ...


Retention and Quality in Open Source Software Projects

Open source software (OSS) is a rapidly developing phenomenon and is finding an increasing use worldwide. In spite of its attractiveness and advantages, issues related to the quality of the software and retention of developers persist. In this study, we identify two key antecedents: complexity and modularity of the software and investigate their effects on software quality and developer retent...



Publication date: 2014