A Validation of Object-Oriented Design Metrics as Quality Indicators
IEEE Transactions on Software Engineering
Software Engineering Economics
Software Engineering Economics
Software Security: Building Security In
Software Security: Building Security In
Mining metrics to predict component failures
Proceedings of the 28th international conference on Software engineering
Introduction to Statistical Methods and Data Analysis (with CD-ROM)
Introduction to Statistical Methods and Data Analysis (with CD-ROM)
IEEE Transactions on Software Engineering
Security of open source web applications
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Can complexity, coupling, and cohesion metrics be used as early indicators of vulnerabilities?
Proceedings of the 2010 ACM Symposium on Applied Computing
Predicting vulnerable software components with dependency graphs
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
After-life vulnerabilities: a study on firefox evolution, its vulnerabilities, and fixes
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
Journal of Systems Architecture: the EUROMICRO Journal
Security versus performance bugs: a case study on Firefox
Proceedings of the 8th Working Conference on Mining Software Repositories
Idea: java vs. PHP: security implications of language choice for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Reducing test effort: A systematic mapping study on existing approaches
Information and Software Technology
| Hi-index | 0.00 |
Complexity is often hypothesized to be the enemy of software security. If this hypothesis is true, complexity metrics may be used to predict the locale of security problems and can be used to prioritize inspection and testing efforts. We performed statistical analysis on nine complexity metrics from the JavaScript Engine in the Mozilla application framework to find differences in code metrics between vulnerable and nonvulnerable code and to predict vulnerabilities. Our initial results show that complexity metrics can predict vulnerabilities at a low false positive rate, but at a high false negative rate.