Abstract |
---|
In an empirical study of fourteen widely used open source PHP web applications, we found that the vulnerability density of the aggregate code base decreased from 8.88 vulnerabilities/KLOC to 3.30 from Summer 2006 to Summer 2008. Individual web applications varied widely, with vulnerability densities ranging from 0 to 121.4 at the beginning of the study. While the total number of security problems decreased, vulnerability density increased in eight of the fourteen applications over the analysis period. We developed a security resources indicator metric, which we found to be strongly correlated (ρ =0.67,p |

Year | DOI | Venue |
---|---|---|
2009 | 10.1109/ESEM.2009.5314215 | ESEM |

Keywords | Field | DocType |
---|---|---|
data mining, empirical study, security, software metrics, static analysis tools, software metric, software measurement, cyclomatic complexity, internet, correlation, source code | Data mining, Source code, Computer science, Static analysis, Cyclomatic complexity, Theoretical computer science, Software, Web application, Software metric, Statistics, Software measurement, Vulnerability | Conference |

ISSN | Citations | PageRank |
---|---|---|
1938-6451 | 20 | 1.20 |

References | Authors |
---|---|
9 | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
James Walden | 1 | 157 | 9.77 |
Maureen Doyle | 2 | 57 | 8.43 |
Grant A. Welch | 3 | 20 | 1.20 |
Michael Whelan | 4 | 54 | 5.73 |