Collecting and categorizing software error data in an industrial environment
Journal of Systems and Software - Special issue on the fifth Minnowbrook workshop on software performance evaluation
Orthogonal Defect Classification-A Concept for In-Process Measurements
IEEE Transactions on Software Engineering - Special issue on software measurement principles, techniques, and environments
A taxonomy of computer program security flaws
ACM Computing Surveys (CSUR)
Safeware: system safety and computers
Safeware: system safety and computers
ICSM '01 Proceedings of the IEEE International Conference on Software Maintenance (ICSM'01)
Maintaining Software with a Security Perspective
ICSM '02 Proceedings of the International Conference on Software Maintenance (ICSM'02)
Software vulnerability analysis
Software vulnerability analysis
The Trustworthy Computing Security Development Lifecycle
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
A software flaw taxonomy: aiming tools at security
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Modeling the Vulnerability Discovery Process
ISSRE '05 Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering
Software Security: Building Security In
Software Security: Building Security In
Towards a structured unified process for software security
Proceedings of the 2006 international workshop on Software engineering for secure systems
Analysis of software vulnerability
ISP'06 Proceedings of the 5th WSEAS International Conference on Information Security and Privacy
Software Security; A Vulnerability Activity Revisit
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
An Empirical Analysis of the Impact of Software Vulnerability Announcements on Firm Stock Price
IEEE Transactions on Software Engineering
Quantifying Security in Secure Software Development Phases
COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
On the secure software development process: CLASP, SDL and Touchpoints compared
Information and Software Technology
Improving software testing via ODC: three case studies
IBM Systems Journal
Towards a unifying approach in understanding security problems
ISSRE'09 Proceedings of the 20th IEEE international conference on software reliability engineering
Assessment of windows system security using vulnerability relationship graph
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
| Hi-index | 0.00 |
Software defect data provide an invaluable source of information for developers, testers and so forth. A concise view of a software profile, its development process, and their relationships can be systematically extracted and analyzed to deduce adequate corrective measures based on previously discovered weaknesses. This kind of approach is being widely used in various projects to improve the quality of a software system. This paper builds on top of the orthogonal defect classification (ODC) scheme to provide a structured security-specific defect classification. We perform a detailed analysis on the classified data and obtain in-process feedback so that the next version of the software can be more secure and reliable. We experimented our customized methodology on Firefox and Chrome defect repositories using six consecutive versions and milestones, respectively. We found that in-process feedback can help development team to take corrective actions as early as possible. We also studied the correlations between software defect types and software development lifecycle to understand development improvement.