Conference paper Open Access

# Is Popularity an Indicator of Software Security?

Siavvas, Miltiadis; Jankovic, Marija; Kehagias, Dionysios; Tzovaras, Dimitrios

### DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<identifier identifierType="URL">https://zenodo.org/record/3379596</identifier>
<creators>
<creator>
<familyName>Siavvas</familyName>
<nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0000-0002-3251-8723</nameIdentifier>
<affiliation>Imperial College London, London, SW7 2AZ, United Kingdom</affiliation>
</creator>
<creator>
<creatorName>Jankovic, Marija</creatorName>
<givenName>Marija</givenName>
<familyName>Jankovic</familyName>
<affiliation>Centre for Research and Technology Hellas, Thessaloniki, Greece</affiliation>
</creator>
<creator>
<creatorName>Kehagias, Dionysios</creatorName>
<givenName>Dionysios</givenName>
<familyName>Kehagias</familyName>
<affiliation>Centre for Research and Technology Hellas, Thessaloniki, Greece</affiliation>
</creator>
<creator>
<creatorName>Tzovaras, Dimitrios</creatorName>
<givenName>Dimitrios</givenName>
<familyName>Tzovaras</familyName>
<affiliation>Centre for Research and Technology Hellas, Thessaloniki, Greece</affiliation>
</creator>
</creators>
<titles>
<title>Is Popularity an Indicator of Software Security?</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2019</publicationYear>
<subjects>
<subject>software security</subject>
<subject>vulnerability assessment</subject>
<subject>vulnerability prediction</subject>
<subject>popularity</subject>
<subject>static analysis</subject>
</subjects>
<dates>
<date dateType="Issued">2019-05-09</date>
</dates>
<language>en</language>
<resourceType resourceTypeGeneral="ConferencePaper"/>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/3379596</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="DOI" relationType="IsIdenticalTo">10.1109/IS.2018.8710484</relatedIdentifier>
</relatedIdentifiers>
<version>1.0</version>
<rightsList>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract">&lt;p&gt;Although numerous research attempts can be found in the related literature focusing on the ability of software-related factors (e.g. software metrics) to indicate the existence of vulnerabilities in software applications, none of them have demonstrated perfect results. In addition, none of the existing studies have focused on the popularity of software products, which is an important characteristic of open-source software applications and libraries. To this end, in this paper, the ability of popularity (i.e. utilization) to indicate the existence of vulnerabilities and, in turn, to highlight the internal security level of software products is investigated. For this purpose, a relatively large software repository based on well-known libraries retrieved from the Maven Repository was constructed and its security was analyzed using a widely-used open-source static code analyzer. Correlation analysis was employed in order to examine whether a statistically significant correlation exists between the security and popularity of the selected software products. The preliminary results of the analysis suggest that popularity may not constitute a reliable indicator of the security level of software products. To the best of our knowledge, this is the first study that examines the relationship between the popularity of software products and their security level.&lt;/p&gt;</description>
</descriptions>
<fundingReferences>
<fundingReference>
<funderName>European Commission</funderName>
<funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/501100000780</funderIdentifier>
<awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/780572/">780572</awardNumber>
<awardTitle>Software Development toolKit for Energy optimization and technical Debt elimination</awardTitle>
</fundingReference>
</fundingReferences>
</resource>

60
107
views