Conference paper Open Access

Is Popularity an Indicator of Software Security?

Siavvas, Miltiadis; Jankovic, Marija; Kehagias, Dionysios; Tzovaras, Dimitrios


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2019-05-09</subfield>
  </datafield>
  <controlfield tag="005">20200120164757.0</controlfield>
  <controlfield tag="001">3379596</controlfield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="o">oai:zenodo.org:3379596</subfield>
  </datafield>
  <datafield tag="711" ind1=" " ind2=" ">
    <subfield code="d">25-27 September 2018</subfield>
    <subfield code="g">IS2018</subfield>
    <subfield code="a">2018 International Conference on Intelligent Systems (IS)</subfield>
    <subfield code="c">Funchal - Madeira, Portugal, Portugal</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;Although numerous research attempts can be found in the related literature focusing on the ability of software-related factors (e.g. software metrics) to indicate the existence of vulnerabilities in software applications, none of them have demonstrated perfect results. In addition, none of the existing studies have focused on the popularity of software products, which is an important characteristic of open-source software applications and libraries. To this end, in this paper, the ability of popularity (i.e. utilization) to indicate the existence of vulnerabilities and, in turn, to highlight the internal security level of software products is investigated. For this purpose, a relatively large software repository based on well-known libraries retrieved from the Maven Repository was constructed and its security was analyzed using a widely-used open-source static code analyzer. Correlation analysis was employed in order to examine whether a statistically significant correlation exists between the security and popularity of the selected software products. The preliminary results of the analysis suggest that popularity may not constitute a reliable indicator of the security level of software products. To the best of our knowledge, this is the first study that examines the relationship between the popularity of software products and their security level.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Centre for Research and Technology Hellas, Thessaloniki, Greece</subfield>
    <subfield code="a">Jankovic, Marija</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Centre for Research and Technology Hellas, Thessaloniki, Greece</subfield>
    <subfield code="a">Kehagias, Dionysios</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Centre for Research and Technology Hellas, Thessaloniki, Greece</subfield>
    <subfield code="a">Tzovaras, Dimitrios</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">137664</subfield>
    <subfield code="z">md5:7d834adfe2a09cd3eceeddd32e018fe8</subfield>
    <subfield code="u">https://zenodo.org/record/3379596/files/IS2018___Is_popularity_an_indicator_of_software_security___.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">conferencepaper</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Imperial College London, London, SW7 2AZ, United Kingdom</subfield>
    <subfield code="0">(orcid)0000-0002-3251-8723</subfield>
    <subfield code="a">Siavvas, Miltiadis</subfield>
  </datafield>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">software security</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">vulnerability assessment</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">vulnerability prediction</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">popularity</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">static analysis</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.1109/IS.2018.8710484</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Is Popularity an Indicator of Software Security?</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">780572</subfield>
    <subfield code="a">Software Development toolKit for Energy optimization and technical Debt elimination</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
</record>
60
107
views
downloads
Views 60
Downloads 107
Data volume 14.7 MB
Unique views 56
Unique downloads 103

Share

Cite as