An Empirical Study of Security Issues Posted in Open Source Projects

Mansooreh Zahedi; Muhammad Ali Babar; Christoph  Treude

An Empirical Study of Security Issues Posted in Open Source Projects

Mansooreh Zahedi
, Muhammad Ali Babar
, Christoph Treude

Software Engineering

University of Adelaide

Research output: Conference Article in Proceeding or Book/Report chapter › Article in proceedings › Research › peer-review

Abstract

When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.

Original language	English
Title of host publication	Hawaii International Conference on System Sciences (HICSS)
Number of pages	10
Place of Publication	Hawaii, Manoa
Publication date	2018
Pages	5504-5513
ISBN (Print)	978-0-9981331-1-9
Publication status	Published - 2018

Keywords

Software Security
Empirical Software Engineering
GitHub
Repository Mining
Topic Modeling
qualitative research

Access to Document

HICSS18 - Camera Ready -for academiaAccepted author manuscript, 370 KB

Cite this

@inproceedings{6cc183862dc14ad9bc7d34200f0f4c8b,

title = "An Empirical Study of Security Issues Posted in Open Source Projects",

abstract = "When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3\% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.",

keywords = "Software Security, Empirical Software Engineering, GitHub, Repository Mining, Topic Modeling, qualitative research, Software Security, Empirical Software Engineering, GitHub, Repository Mining, Topic Modeling, qualitative research",

author = "Mansooreh Zahedi and \{Ali Babar\}, Muhammad and Christoph Treude",

year = "2018",

language = "English",

isbn = "978-0-9981331-1-9",

pages = "5504--5513",

booktitle = "Hawaii International Conference on System Sciences (HICSS)",

}

TY - GEN

T1 - An Empirical Study of Security Issues Posted in Open Source Projects

AU - Zahedi, Mansooreh

AU - Ali Babar, Muhammad

AU - Treude, Christoph

PY - 2018

Y1 - 2018

N2 - When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.

AB - When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.

KW - Software Security

KW - Empirical Software Engineering

KW - GitHub

KW - Repository Mining

KW - Topic Modeling

KW - qualitative research

KW - Software Security

KW - Empirical Software Engineering

KW - GitHub

KW - Repository Mining

KW - Topic Modeling

KW - qualitative research

M3 - Article in proceedings

SN - 978-0-9981331-1-9

SP - 5504

EP - 5513

BT - Hawaii International Conference on System Sciences (HICSS)

CY - Hawaii, Manoa

ER -

An Empirical Study of Security Issues Posted in Open Source Projects

Abstract

Keywords

Access to Document

Fingerprint

Cite this