When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study
| Title | When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study |
| Publication Type | Book Chapter |
| Year of Publication | 2014 |
| Authors | Bosu, A, Carver, JC, Hafiz, M, Hilley, P, Janni, D |
| Secondary Authors | Corral, L, Sillitti, A, Succi, G, Vlasenko, J, Wasserman, AI |
| Secondary Title | Open Source Software: Mobile Open Source Technologies |
| Series Title | IFIP Advances in Information and Communication Technology |
| Volume | 427 |
| Pagination | 234-236 |
| Publisher | Springer Berlin Heidelberg |
| ISBN Number | 978-3-642-55127-7 |
| Keywords | FOSS, open source, OSS, security, vulnerability |
| Abstract | We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs. |
| URL | http://dx.doi.org/10.1007/978-3-642-55128-4_37 |
| DOI | 10.1007/978-3-642-55128-4_37 |
| Full Text |
Taxonomy upgrade extras:
- Log in or register to post comments
- Google Scholar
- DOI
- BibTeX
- Tagged
- EndNote XML
Recent Publications
- Managing Hidden Dependencies in OO Software: a Study Based on Open Source Projects
- Open Source Communities as Liminal Ecosystems
- Investigating developers' email discussions during decision-making in Python language evolution
- Developers, Quality Control and Download Volume in Open Source Software (OSS) Projects
More...FLOSS Project Planets
- www-zh-cn @ Savannah: Welcome our new member - bingchuanjuzi
- Matt Glaman: Lenient Composer Plugin officially replaces lenient packages endpoint
- libtool @ Savannah: libtool-2.5.4 released [stable]
- Trey Hunner: Python Black Friday & Cyber Monday sales (2024)
- Security advisories: Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
FLOSS Research
- Give Your Input on the State of Open Source Survey
- Open Data and Open Source AI: Charting a course to get more of both
- The Open Source Initiative and the Eclipse Foundation to Collaborate on Shaping Open Source AI (OSAI) Public Policy
- ClearlyDefined v2.0 adds support for LicenseRefs
- ClearlyDefined at SOSS Fusion 2024: a collaborative solution to Open Source license compliance