An Empirical Study of Security Issues Posted in Open Source Projects

Mansooreh Zahedi, Muhammad Ali Babar, Christoph Treude

Publication: Conference article in proceedings or book/report chapter › Conference contribution in proceedings › Research › peer review

Abstract

When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.
Original language: English
Title: Hawaii International Conference on System Sciences (HICSS)
Number of pages: 10
Place of publication: Hawaii, Manoa
Publication date: 2018
Pages: 5504-5513
ISBN (Print): 978-0-9981331-1-9
Status: Published - 2018

Keywords

  • Software Security
  • Empirical Software Engineering
  • GitHub
  • Repository Mining
  • Topic Modeling
  • qualitative research
