Is complexity really the enemy of software security?

Software complexity is often hypothesized to be the enemy of software security. We performed statistical analysis on nine code complexity metrics from the JavaScript Engine in the Mozilla application framework to investigate if this hypothesis is true. Our initial results show that the nine complexity measures have weak correlation (=0.30 at best) with security problems for Mozilla JavaScript Engine. The study should be replicated on more products with design and code-level metrics. It may be necessary to create new complexity metrics to embody the type of complexity that leads to security problems.

Categories and Subject Descriptors: D.2.8 [Software Engineering]: Complexity measures, Product metrics

General Terms: Measurement, Reliability, Security.

Keywords: Software metrics, security metrics, software complexity, reliability, fault prediction, vulnerability prediction
Yonghee Shin, Laurie Williams
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Yonghee Shin, Laurie Williams