Conference paper Open Access

An Empirical Evaluation of the Relationship between Technical Debt and Software Security

Siavvas, Miltiadis; Tsoukalas, Dimitrios; Janković, Marija; Kehagias, Dionysios; Chatzigeorgiou, Alexander; Tzovaras, Dimitrios; Aničić, Nenad; Gelenbe, Erol


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.3379632">
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.3379632</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.3379632"/>
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0002-3251-8723">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0002-3251-8723</dct:identifier>
        <foaf:name>Siavvas, Miltiadis</foaf:name>
        <foaf:givenName>Miltiadis</foaf:givenName>
        <foaf:familyName>Siavvas</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0001-9986-0796">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0001-9986-0796</dct:identifier>
        <foaf:name>Tsoukalas, Dimitrios</foaf:name>
        <foaf:givenName>Dimitrios</foaf:givenName>
        <foaf:familyName>Tsoukalas</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Centre for Research and Technology Hellas</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Janković, Marija</foaf:name>
        <foaf:givenName>Marija</foaf:givenName>
        <foaf:familyName>Janković</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Centre for Research and Technology Hellas</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Kehagias, Dionysios</foaf:name>
        <foaf:givenName>Dionysios</foaf:givenName>
        <foaf:familyName>Kehagias</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Centre for Research and Technology Hellas</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Chatzigeorgiou, Alexander</foaf:name>
        <foaf:givenName>Alexander</foaf:givenName>
        <foaf:familyName>Chatzigeorgiou</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Department of Applied Informatics, University of Macedonia</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Tzovaras, Dimitrios</foaf:name>
        <foaf:givenName>Dimitrios</foaf:givenName>
        <foaf:familyName>Tzovaras</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Centre for Research and Technology Hellas</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Aničić, Nenad</foaf:name>
        <foaf:givenName>Nenad</foaf:givenName>
        <foaf:familyName>Aničić</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Faculty of Organizational Sciences, University of Belgrade</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Gelenbe, Erol</foaf:name>
        <foaf:givenName>Erol</foaf:givenName>
        <foaf:familyName>Gelenbe</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Imperial College London</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>An Empirical Evaluation of the Relationship between Technical Debt and Software Security</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2019</dct:issued>
    <dcat:keyword>software security</dcat:keyword>
    <dcat:keyword>technical debt</dcat:keyword>
    <dcat:keyword>vulnerability prediction</dcat:keyword>
    <dcat:keyword>empirical study</dcat:keyword>
    <dcat:keyword>static analysis</dcat:keyword>
    <frapo:isFundedBy rdf:resource="info:eu-repo/grantAgreement/EC/H2020/780572/"/>
    <schema:funder>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/100010661</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </schema:funder>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2019-08-28</dct:issued>
    <dct:language rdf:resource="http://publications.europa.eu/resource/authority/language/ENG"/>
    <owl:sameAs rdf:resource="https://zenodo.org/record/3379632"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/3379632</skos:notation>
        <adms:schemeAgency>url</adms:schemeAgency>
      </adms:Identifier>
    </adms:identifier>
    <dct:relation rdf:resource="https://doi.org/10.5281/zenodo.3374712"/>
    <dct:isVersionOf rdf:resource="https://doi.org/10.5281/zenodo.3379631"/>
    <owl:versionInfo>1.0</owl:versionInfo>
    <dct:description>&lt;p&gt;Technical Debt (TD) is commonly used in practice as a measure of software quality. Due to the potential overlap between software quality and software security, an interesting topic is to investigate whether TD can be used as a software security indicator as well. However, although some software-related factors (e.g. software metrics) have been studied for their ability to indicate security risk in software products, no research attempts exist specifically focusing on TD. To this end, in the present study, we empirically evaluate the ability of TD to indicate security risks in software products. For this purpose, a relatively large code repository comprising 50 open-source software applications was constructed and analyzed using popular open-source static analysis tools, in order to calculate their TD and security level (i.e. vulnerability density). Subsequently, statistical analysis was employed, to assess the relationship between TD and software security. The results of the empirical study revealed a statistically significant positive and strong correlation between the TD and the vulnerability densities of the studied software products. This provides preliminary evidence for the ability of TD to be used as an indicator of software security. To the best of our knowledge, this is the first study that empirically evaluates the relationship between TD and software security.&lt;/p&gt;</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <dct:license rdf:resource="https://creativecommons.org/licenses/by/4.0/legalcode"/>
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.3379632"/>
        <dcat:byteSize>140518</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3379632/files/ICIST2019___On_the_ability_of_Technical_Debt_to_indicate_Software_Security___An_empirical_study.pdf"/>
        <dcat:mediaType>application/pdf</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
  <foaf:Project rdf:about="info:eu-repo/grantAgreement/EC/H2020/780572/">
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">780572</dct:identifier>
    <dct:title>Software Development toolKit for Energy optimization and technical Debt elimination</dct:title>
    <frapo:isAwardedBy>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/100010661</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </frapo:isAwardedBy>
  </foaf:Project>
</rdf:RDF>