Abstract

Program code that has been identified as vulnerable to malicious attack, irrespective of the system's application domain, should receive a high level of developer ‘fix’ attention. In this paper, we present an empirical study of potential faults (or p-faults) attributed to code vulnerability in ten Java Open-Source Systems (OSS). The study used a tool to extract six different categories of potential and common fault: code vulnerability, (lack of) program correctness, bad practice, multi-threaded correctness, questionable practice and performance. Two research questions were then investigated. Firstly, what patterns existed in the types of code vulnerability p-faults found in the ten systems? Secondly, were those p-faults related in any sense to the other types of p-fault identified by the tool? Results showed that a high percentage of classes with vulnerability p-faults contained no other form of fault. However, a strong association between p-faults in the ‘bad practice’ category and vulnerability p-faults was observed in the remaining classes, suggesting that the two categories may have a level of inter-dependence.

Copyright information

© 2008 Springer Science+Business Media B.V.

Cite this paper

Counsell, S., Swift, S. (2008). An Empirical Study of Potential Vulnerability Faults in Java Open-Source Software. In: Iskander, M. (eds) Innovative Techniques in Instruction Technology, E-learning, E-assessment, and Education. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-8739-4_91

  • DOI: https://doi.org/10.1007/978-1-4020-8739-4_91

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-8738-7

  • Online ISBN: 978-1-4020-8739-4
