An Empirical Study of Security Issues Posted in Open Source Projects

Mansooreh Zahedi; Muhammad Ali Babar; Christoph  Treude

An Empirical Study of Security Issues Posted in Open Source Projects

Mansooreh Zahedi, Muhammad Ali Babar, Christoph Treude

Software Engineering

University of Adelaide

Publikation: Konference artikel i Proceeding eller bog/rapport kapitel › Konferencebidrag i proceedings › Forskning › peer review

Abstract

When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.

Originalsprog	Engelsk
Titel	Hawaii International Conference on System Sciences (HICSS)
Antal sider	10
Udgivelsessted	Hawaii, Manoa
Publikationsdato	2018
Sider	5504-5513
ISBN (Trykt)	978-0-9981331-1-9
Status	Udgivet - 2018

Emneord

Software Security
Empirical Software Engineering
GitHub
Repository Mining
Topic Modeling
qualitative research

Adgang til dokumentet

HICSS18 - Camera Ready -for academiaAccepteret manuskript, 370 KB

Citationsformater

@inproceedings{6cc183862dc14ad9bc7d34200f0f4c8b,

title = "An Empirical Study of Security Issues Posted in Open Source Projects",

abstract = "When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3\% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.",

keywords = "Software Security, Empirical Software Engineering, GitHub, Repository Mining, Topic Modeling, qualitative research, Software Security, Empirical Software Engineering, GitHub, Repository Mining, Topic Modeling, qualitative research",

author = "Mansooreh Zahedi and \{Ali Babar\}, Muhammad and Christoph Treude",

year = "2018",

language = "English",

isbn = "978-0-9981331-1-9",

pages = "5504--5513",

booktitle = "Hawaii International Conference on System Sciences (HICSS)",

}

TY - GEN

T1 - An Empirical Study of Security Issues Posted in Open Source Projects

AU - Zahedi, Mansooreh

AU - Ali Babar, Muhammad

AU - Treude, Christoph

PY - 2018

Y1 - 2018

N2 - When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.

AB - When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.

KW - Software Security

KW - Empirical Software Engineering

KW - GitHub

KW - Repository Mining

KW - Topic Modeling

KW - qualitative research

KW - Software Security

KW - Empirical Software Engineering

KW - GitHub

KW - Repository Mining

KW - Topic Modeling

KW - qualitative research

M3 - Article in proceedings

SN - 978-0-9981331-1-9

SP - 5504

EP - 5513

BT - Hawaii International Conference on System Sciences (HICSS)

CY - Hawaii, Manoa

ER -

An Empirical Study of Security Issues Posted in Open Source Projects

Abstract

Emneord

Adgang til dokumentet

Fingeraftryk

Citationsformater