Software metrics (2nd ed.): a rigorous and practical approach
Software metrics (2nd ed.): a rigorous and practical approach
Software vulnerability analysis
Software vulnerability analysis
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Software Security: Building Security In
Software Security: Building Security In
Mining metrics to predict component failures
Proceedings of the 28th international conference on Software engineering
Fine-grained processing of CVS archives with APFEL
eclipse '06 Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange
Toward Non-security Failures as a Predictor of Security Faults and Failures
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Security of open source web applications
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Can complexity, coupling, and cohesion metrics be used as early indicators of vulnerabilities?
Proceedings of the 2010 ACM Symposium on Applied Computing
Predicting vulnerable software components with dependency graphs
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
The beauty and the beast: vulnerabilities in red hat’s packages
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
After-life vulnerabilities: a study on firefox evolution, its vulnerabilities, and fixes
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
Journal of Systems Architecture: the EUROMICRO Journal
Idea: java vs. PHP: security implications of language choice for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Hi-index | 0.00 |
Software complexity is often hypothesized to be the enemy of software security. We performed statistical analysis on nine code complexity metrics from the JavaScript Engine in the Mozilla application framework to investigate if this hypothesis is true. Our initial results show that the nine complexity measures have weak correlation (ρ=0.30 at best) with security problems for Mozilla JavaScript Engine. The study should be replicated on more products with design and code-level metrics. It may be necessary to create new complexity metrics to embody the type of complexity that leads to security problems.