Vulnerable statements are a major problem for the developers and maintainers of networking systems. Their presence eases security attacks aimed at gaining unauthorized access to data and functionality, or at causing system crashes and data loss; buffer overflows, command injections, and cross-site scripting are examples of attacks enabled by source code vulnerabilities. This paper reports on an empirical study, conducted on three networking systems, that observes the evolution and decay of the vulnerabilities reported by three freely available static analysis tools. In particular, the study compares the decay of different kinds of vulnerabilities, characterizes the likelihood of decay through probability density functions, and presents a quantitative and qualitative analysis of the reasons why vulnerabilities are removed. The study relies on a framework that traces the evolution of source code fragments across successive commits.
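The kind of tracing the abstract describes can be sketched in a few dozen lines: run a detector on every snapshot of a file, map each flagged line to its counterpart in the next commit with a line-level diff, and record when a warning disappears and whether its statement was deleted outright or rewritten in place. The script below is an added example, not code from the paper or its authors. Its detector (a regex over a handful of unsafe libc calls) is an assumed stand-in for the three static analysis tools of the study, the five-commit history of one C file is constructed sample data, and the Kaplan-Meier survival curve is one way to estimate decay likelihood that still accounts for warnings present at the last commit (the paper characterizes decay with probability density functions; this is not a reproduction of its method).

```python
import difflib
import re
from collections import defaultdict

# Assumed stand-in detector (not the study's tools): flag calls to a few unsafe
# libc functions, the kind of check an ITS4-style scanner performs.
UNSAFE = {"strcpy": "buffer overflow", "strcat": "buffer overflow",
          "gets": "buffer overflow", "sprintf": "buffer overflow",
          "system": "command injection"}
CALL_RE = re.compile(r"\b(" + "|".join(UNSAFE) + r")\s*\(")

def detect(source):
    """Return {line_no: kind} for every line the stand-in detector flags."""
    hits = {}
    for no, line in enumerate(source.splitlines(), 1):
        m = CALL_RE.search(line)
        if m:
            hits[no] = UNSAFE[m.group(1)]
    return hits

def line_map(old, new):
    """Map 1-based line numbers in `old` to `new`: unchanged lines map directly, an
    N-for-N replacement is treated as an in-place edit and mapped pairwise, and
    deleted lines or replacements that change the line count get no mapping."""
    a, b = old.splitlines(), new.splitlines()
    mapping = {}
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if tag == "equal" or (tag == "replace" and i2 - i1 == j2 - j1):
            for k in range(i2 - i1):
                mapping[i1 + k + 1] = j1 + k + 1
    return mapping

def track(history):
    """Follow each flagged line through (commit_id, source) snapshots, oldest first.
    A record holds the introducing commit, the removing commit (None if still present,
    in which case its age is a right-censored lower bound), the reason, and the age."""
    records, alive, prev = [], {}, None          # alive: current line_no -> record
    for idx, (cid, src) in enumerate(history):
        hits, survivors = detect(src), {}
        if prev is not None:
            mapping = line_map(prev, src)
            for old_no, rec in alive.items():
                new_no = mapping.get(old_no)
                if new_no is not None and hits.get(new_no) == rec["kind"]:
                    survivors[new_no] = rec       # same statement, still flagged
                else:
                    rec["removed"] = cid
                    rec["reason"] = "line deleted" if new_no is None else "line rewritten"
                    rec["age"] = idx - rec["intro_idx"]
        for no, kind in hits.items():
            if no not in survivors:               # newly introduced warning
                rec = {"kind": kind, "introduced": cid, "intro_idx": idx,
                       "removed": None, "reason": None, "age": None}
                survivors[no] = rec
                records.append(rec)
        alive, prev = survivors, src
    for rec in alive.values():
        rec["age"] = len(history) - 1 - rec["intro_idx"]
    return records

def kaplan_meier(records):
    """Kaplan-Meier estimate of S(t), the probability that a warning outlives t commits.
    Still-present (censored) warnings stay in the risk set up to their observed age."""
    surv, curve = 1.0, []
    for t in sorted({r["age"] for r in records if r["removed"] is not None}):
        at_risk = sum(1 for r in records if r["age"] >= t)
        removed = sum(1 for r in records if r["removed"] is not None and r["age"] == t)
        surv *= 1 - removed / at_risk
        curve.append((t, round(surv, 4)))
    return curve

def removal_reasons(records):
    """Count why warnings vanished: deleted with their code, or rewritten in place."""
    counts = defaultdict(int)
    for r in records:
        if r["removed"] is not None:
            counts[r["reason"]] += 1
    return dict(counts)

# Constructed five-commit history of one C file (sample data, not a real project):
# c2 fixes strcpy in place, c3 deletes run() and adds gets(), c4 fixes sprintf in
# place, c5 only adds a comment.
RUN = "void run(char *cmd) {\n    system(cmd);\n}\n"
LOG = 'void log_name(char *name) {\n    char tmp[64];\n    sprintf(tmp, "user=%s", name);\n    puts(tmp);\n}\n'
READ = "void read_line(void) {\n    char line[128];\n    gets(line);\n    greet(line);\n}\n"
V1 = ('#include <stdio.h>\n#include <string.h>\nvoid greet(char *name) {\n'
      '    char buf[32];\n    strcpy(buf, name);\n    printf("hi %s\\n", buf);\n}\n' + RUN)
V2 = V1.replace("    strcpy(buf, name);\n", '    snprintf(buf, sizeof buf, "%s", name);\n').replace(RUN, LOG + RUN)
V3 = V2.replace(RUN, READ)
V4 = V3.replace('    sprintf(tmp, "user=%s", name);', '    snprintf(tmp, sizeof tmp, "user=%s", name);')
V5 = "/* c5: comment-only change */\n" + V4
HISTORY = [("c1", V1), ("c2", V2), ("c3", V3), ("c4", V4), ("c5", V5)]

if __name__ == "__main__":
    recs = track(HISTORY)
    print(recs, kaplan_meier(recs), removal_reasons(recs), sep="\n")
```

On the constructed history this yields four warnings: the strcpy and sprintf ones end as "line rewritten" (fixed in place after 1 and 2 commits), the system one as "line deleted" (its whole function was dropped after 2 commits), and the gets one is still present at the last commit, so it is censored rather than counted as a removal. The N-for-N replacement rule is a deliberate heuristic: an edit that changes the line count is not paired, so a deleted block is reported as deleted rather than as a rewrite of whatever replaced it.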