poster

A curated dataset of security defects in scientific software projects

Authors:

Justin Murphy,

Elias T. Brady,

Shazibul Islam Shamim,

Akond RahmanAuthors Info & Claims

HotSoS '20: Proceedings of the 7th Symposium on Hot Topics in the Science of Security

Article No.: 13, Pages 1 - 2

https://doi.org/10.1145/3384217.3384218

Published: 21 September 2020 Publication History

Get Access

Abstract

Scientific software is defined as software that is used to explore and analyze data to investigate unanswered research questions in the scientific community [6]. The domain of scientific software includes software needed to construct a research pipeline such as software for simulation and data analysis, large-scale dataset management, and mathematical libraries [4]. Programming languages such as Julia [1] are used to develop scientific software efficiently and achieve desired program execution time. Julia was used in Celeste¹, a software used in astronomy research. Celeste was used to load 178 terabytes of astronomical image data to produce a catalog of 188 million astronomical objects in 14.6 minutes². The Celeste-related example provides anecdotal evidence on the value of studying Julia-related projects from a cybersecurity perspective.

References

[1]

[n.d.]. The Julia Language. https://docs.julialang.org/en/v1/.

Google Scholar

[2]

Amiangshu Bosu, Jeffrey C. Carver, Munawar Hafiz, Patrick Hilley, and Derek Janni. 2014. Identifying the Characteristics of Vulnerable Code Changes: An Empirical Study (FSE 2014). Association for Computing Machinery, New York, NY, USA, 257--268.

Digital Library

Google Scholar

[3]

Jacob Cohen. 1960. A Coefficient of Agreement for Nominal Scales. Educational and Psychological Measurement 20, 1 (1960), 37--46. arXiv:http://dx.doi.org/10.1177/001316446002000104

Crossref

Google Scholar

[4]

George Thiruvathukal Jeffrey. Carver, Neil Hong. 2016. Software Engineering for Science (1st ed.). CRC Press, NY, NY, USA.

Google Scholar

[5]

Richard Landis and Gary Koch. 1977. The Measurement of Observer Agreement for Categorical Data. Biometrics 33, 1 (1977), 159--174. http://www.jstor.org/stable/2529310

Crossref

Google Scholar

[6]

E. S. Mesh and J. S. Hawker. 2013. Scientific software process improvement decisions: A proposed research strategy. In 2013 5th International Workshop on Software Engineering for Computational Science and Engineering (SE-CSE). 32--39.

Crossref

Google Scholar

[7]

Nuthan Munaiah, Steven Kroh, Craig Cabrey, and Meiyappan Nagappan. 2017. Curating GitHub for engineered software projects. Empirical Software Engineering (2017), 1--35.

Digital Library

Google Scholar

[8]

Akond Rahman, Amritanshu Agrawal, Rahul Krishna, and Alexander Sobran. 2018. Characterizing the Influence of Continuous Integration: Empirical Results from 250+ Open Source and Proprietary Projects (SWAN 2018). ACM, New York, NY, USA, 8--14.

Digital Library

Google Scholar

[9]

Johnny Saldaña. 2015. The coding manual for qualitative researchers. Sage.

Google Scholar

Cited By

View all

Zhang YMurphy JRahman A(2025)Come for syntax, stay for speed, write secure code: an empirical study of security weaknesses in Julia programsEmpirical Software Engineering10.1007/s10664-024-10606-w30:2Online publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1007/s10664-024-10606-w
Rahman ABose DShakya RPandita R(2023)Come for syntax, stay for speed, understand defects: an empirical study of defects in Julia programsEmpirical Software Engineering10.1007/s10664-023-10328-528:4Online publication date: 14-Jun-2023
https://doi.org/10.1007/s10664-023-10328-5

Index Terms

A curated dataset of security defects in scientific software projects
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Disciplinary differences of software use and impact in scientific literature
Abstract
Software plays an important role in the advancement of science. Software developers, users, and funding agencies have deep interests in the impact of software on science. This study investigates the use and impact of software by examining how ...
A survey of scientific software development
ESEM '10: Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement

Software for scientific research purposes has received increased attention in recent years. Case studies have noted development practices, limitations, and problems in the development of scientific software. However, applicability of the results of ...
Testing scientific software: A systematic literature review

Context: Scientific software plays an important role in critical decision making, for example making weather predictions based on climate models, and computation of evidence for research publications. Recently, scientists have had to retract ...

Comments

Information & Contributors

Information

Published In

HotSoS '20: Proceedings of the 7th Symposium on Hot Topics in the Science of Security

September 2020

189 pages

ISBN:9781450375610

DOI:10.1145/3384217

General Chair:
Perry Alexander
The University of Kansas
,
Program Chairs:
Drew Davidson
The University of Kansas
,
Baek-Young Choi
University of Missouri, Kansas City

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 September 2020

Check for updates

Author Tags

Qualifiers

Poster

Conference

HotSoS '20

HotSoS '20: Hot Topics in the Science of Security

September 21 - 23, 2020

Kansas, Lawrence

Acceptance Rates

Overall Acceptance Rate 34 of 60 submissions, 57%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
77
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zhang YMurphy JRahman A(2025)Come for syntax, stay for speed, write secure code: an empirical study of security weaknesses in Julia programsEmpirical Software Engineering10.1007/s10664-024-10606-w30:2Online publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1007/s10664-024-10606-w
Rahman ABose DShakya RPandita R(2023)Come for syntax, stay for speed, understand defects: an empirical study of defects in Julia programsEmpirical Software Engineering10.1007/s10664-023-10328-528:4Online publication date: 14-Jun-2023
https://doi.org/10.1007/s10664-023-10328-5

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Disciplinary differences of software use and impact in scientific literature

A survey of scientific software development

Testing scientific software: A systematic literature review

Comments

Information

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations