DocumentCode :
3008289
Title :
The Evolution and Decay of Statically Detected Source Code Vulnerabilities
Author :
Penta, Massimiliano Di ; Cerulo, Luigi ; Aversano, Lerina
Author_Institution :
RCOST - Dept. of Eng., Univ. of Sannio, Benevento
fYear :
2008
fDate :
28-29 Sept. 2008
Firstpage :
101
Lastpage :
110
Abstract :
The presence of vulnerable statements in the source code is a crucial problem for maintainers: properly monitoring and, if necessary, removing them is highly desirable to ensure high security and reliability. To this aim, a number of static analysis tools have been developed to detect the presence of instructions that can be subject to vulnerability attacks, ranging from buffer overflow exploitations to command injection and cross-site scripting. Based on the availability of existing tools and of data extracted from software repositories, this paper reports an empirical study on the evolution of vulnerable statements detected in three software systems with different static analysis tools. Specifically, the study investigates vulnerability evolution trends and the decay time exhibited by different kinds of vulnerabilities.
Keywords :
buffer storage; program diagnostics; security of data; software reliability; software tools; buffer overflow exploitations; command injection; cross-site scripting; software repository; software systems; static analysis tools; statically detected source code vulnerability; vulnerability attacks; vulnerable statements; Application software; Availability; Buffer overflow; Data analysis; Maintenance engineering; Pattern analysis; Performance analysis; Protection; Security; Software tools; empirical study; mining software repositories; software vulnerabilities;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on
Conference_Location :
Beijing
Print_ISBN :
978-0-7695-3353-7
Type :
conf
DOI :
10.1109/SCAM.2008.20
Filename :
4637543