Conference paper Open Access

Is Popularity an Indicator of Software Security?

Siavvas, Miltiadis; Jankovic, Marija; Kehagias, Dionysios; Tzovaras, Dimitrios

Although numerous research attempts can be found in the related literature focusing on the ability of software-related factors (e.g. software metrics) to indicate the existence of vulnerabilities in software applications, none of them have demonstrated perfect results. In addition, none of the existing studies have focused on the popularity of software products, which is an important characteristic of open-source software applications and libraries. To this end, in this paper, the ability of popularity (i.e. utilization) to indicate the existence of vulnerabilities and, in turn, to highlight the internal security level of software products is investigated. For this purpose, a relatively large software repository based on well-known libraries retrieved from the Maven Repository was constructed and its security was analyzed using a widely-used open-source static code analyzer. Correlation analysis was employed in order to examine whether a statistically significant correlation exists between the security and popularity of the selected software products. The preliminary results of the analysis suggest that popularity may not constitute a reliable indicator of the security level of software products. To the best of our knowledge, this is the first study that examines the relationship between the popularity of software products and their security level.

Files (137.7 kB)
Name Size
IS2018___Is_popularity_an_indicator_of_software_security___.pdf
md5:7d834adfe2a09cd3eceeddd32e018fe8
137.7 kB Download
28
47
views
downloads
Views 28
Downloads 47
Data volume 6.5 MB
Unique views 27
Unique downloads 44

Share

Cite as