
ESEM
2008
ACM

An empirical model to predict security vulnerabilities using code complexity metrics

Complexity is often hypothesized to be the enemy of software security. If this hypothesis is true, complexity metrics may be used to predict the location of security problems and to prioritize inspection and testing efforts. We performed statistical analysis on nine complexity metrics from the JavaScript Engine in the Mozilla application framework to find differences in code metrics between vulnerable and non-vulnerable code and to predict vulnerabilities. Our initial results show that complexity metrics can predict vulnerabilities at a low false positive rate, but at a high false negative rate.

Categories and Subject Descriptors: D.2.8 [Software Engineering]: Complexity measures, Product metrics
General Terms: Measurement, Reliability, Security
Yonghee Shin, Laurie Williams
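As an added illustration (not code from the paper, and not Mozilla code), the script below sketches the prediction setup the abstract describes: compute per-function complexity metrics, flag functions above a threshold as likely vulnerable, and score the prediction against known labels as false positive and false negative rates. It uses Python's ast module to compute two assumed metrics (cyclomatic complexity and maximum nesting depth) over a constructed sample; the sample functions, the vulnerability labels and the threshold of 5 are assumptions for illustration, not the nine metrics or the Mozilla JavaScript Engine data the paper analysed.

```python
import ast
from collections import namedtuple

# Constructed sample code base (assumption, not Mozilla code); metrics come from its AST.
SAMPLE_SOURCE = '''
def parse_header(buf):
    if len(buf) < 4:
        return None
    return buf[:4]

def decode_packet(buf, flags):
    out = []
    for i in range(len(buf)):
        if flags & 1:
            if buf[i] > 127:
                out.append(buf[i] - 128)
            elif buf[i] == 0:
                break
        elif flags & 2 and i % 2 == 0:
            out.append(buf[i] ^ 0xFF)
        else:
            while i < len(buf) and buf[i] == 0:
                i += 1
    return out

def route(kind, payload):
    if kind == "reverse":
        return payload[::-1]
    return len(payload) if kind == "length" else payload
'''

# Constructed labels (assumption): which sample functions had a known vulnerability.
GROUND_TRUTH = {"parse_header": False, "decode_packet": True, "route": True}

Metrics = namedtuple("Metrics", "cyclomatic max_nesting")


class _ComplexityVisitor(ast.NodeVisitor):
    """Counts if/elif/for/while branches and and/or operators; tracks block nesting."""
    def __init__(self):
        self.complexity, self.depth, self.max_nesting = 1, 0, 0

    def _enter(self, stmts):
        self.depth += 1
        self.max_nesting = max(self.max_nesting, self.depth)
        for stmt in stmts:
            self.visit(stmt)
        self.depth -= 1

    def visit_If(self, node):
        self.complexity += 1
        self.visit(node.test)  # picks up and/or inside the condition
        self._enter(node.body)
        if len(node.orelse) == 1 and isinstance(node.orelse[0], ast.If):
            self.visit(node.orelse[0])  # elif chain stays at this if's depth
        elif node.orelse:
            self._enter(node.orelse)

    def _loop(self, node):
        self.complexity += 1
        self.visit(node.test if isinstance(node, ast.While) else node.iter)
        self._enter(node.body)
        if node.orelse:
            self._enter(node.orelse)

    visit_For = visit_While = _loop

    def visit_BoolOp(self, node):
        self.complexity += len(node.values) - 1  # each extra operand is a branch
        self.generic_visit(node)


def function_metrics(source):
    """Compute Metrics for every top-level function in a Python source string."""
    result = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            visitor = _ComplexityVisitor()
            for stmt in node.body:
                visitor.visit(stmt)
            result[node.name] = Metrics(visitor.complexity, visitor.max_nesting)
    return result


def predict_vulnerable(metrics, cc_threshold):
    """Flag a function when its cyclomatic complexity exceeds the threshold."""
    return {name: m.cyclomatic > cc_threshold for name, m in metrics.items()}


def error_rates(predicted, actual):
    """Return (false positive rate, false negative rate) against the labels."""
    tp = sum(1 for n in actual if predicted[n] and actual[n])
    fp = sum(1 for n in actual if predicted[n] and not actual[n])
    tn = sum(1 for n in actual if not predicted[n] and not actual[n])
    fn = sum(1 for n in actual if not predicted[n] and actual[n])
    return (fp / (fp + tn) if fp + tn else 0.0, fn / (fn + tp) if fn + tp else 0.0)


if __name__ == "__main__":
    metrics = function_metrics(SAMPLE_SOURCE)
    for name, m in metrics.items():
        print(f"{name:14s} cyclomatic={m.cyclomatic} nesting={m.max_nesting}")
    fpr, fnr = error_rates(predict_vulnerable(metrics, cc_threshold=5), GROUND_TRUTH)
    print(f"false positive rate={fpr:.2f}  false negative rate={fnr:.2f}")
```

On this constructed sample the threshold flags only decode_packet: no simple function is flagged (false positive rate 0.0), but route, labelled vulnerable despite its low complexity, is missed (false negative rate 0.5). That is the shape of result the abstract reports: a high-complexity cut-off is precise but misses vulnerabilities in simple code, and lowering the threshold buys recall at the cost of more functions to inspect.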
Type Conference
Year 2008
Where ESEM
Authors Yonghee Shin, Laurie Williams