10.5281/zenodo.3379632
https://zenodo.org/records/3379632
oai:zenodo.org:3379632
Siavvas, Miltiadis
Miltiadis
Siavvas
0000-0002-3251-8723
Imperial College London
Tsoukalas, Dimitrios
Dimitrios
Tsoukalas
0000-0001-9986-0796
Centre for Research and Technology Hellas
Janković, Marija
Marija
Janković
Centre for Research and Technology Hellas
Kehagias, Dionysios
Dionysios
Kehagias
Centre for Research and Technology Hellas
Chatzigeorgiou, Alexander
Alexander
Chatzigeorgiou
Department of Applied Informatics, University of Macedonia
Tzovaras, Dimitrios
Dimitrios
Tzovaras
Centre for Research and Technology Hellas
Aničić, Nenad
Nenad
Aničić
Faculty of Organizational Sciences, University of Belgrade
Gelenbe, Erol
Erol
Gelenbe
Imperial College London
An Empirical Evaluation of the Relationship between Technical Debt and Software Security
Zenodo
2019
software security
technical debt
vulnerability prediction
empirical study
static analysis
2019-08-28
eng
10.5281/zenodo.3374712
10.5281/zenodo.3379631
https://zenodo.org/communities/eu
1.0
Creative Commons Attribution 4.0 International
Technical Debt (TD) is commonly used in practice as a measure of software quality. Due to the potential overlap between software quality and software security, an interesting topic is to investigate whether TD can be used as a software security indicator as well. However, although some software-related factors (e.g. software metrics) have been studied for their ability to indicate security risk in software products, no research attempts exist that focus specifically on TD. To this end, in the present study, we empirically evaluate the ability of TD to indicate security risks in software products. For this purpose, a relatively large code repository comprising 50 open-source software applications was constructed and analyzed using popular open-source static analysis tools, in order to calculate their TD and security level (i.e. vulnerability density). Subsequently, statistical analysis was employed to assess the relationship between TD and software security. The results of the empirical study revealed a statistically significant, positive and strong correlation between the TD and the vulnerability densities of the studied software products. This provides preliminary evidence for the ability of TD to be used as an indicator of software security. To the best of our knowledge, this is the first study that empirically evaluates the relationship between TD and software security.
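The analysis pipeline sketched in the abstract (normalise static-analysis findings per project, then correlate the TD and security measures) can be illustrated with a small worked example. The code below is added here and is not part of the paper or its authors' tooling. It assumes, since the abstract does not state them, that vulnerability density is vulnerabilities per thousand lines of code (KLOC), that TD is the remediation-effort estimate in minutes that a static analysis tool reports and is likewise normalised per KLOC, and that the association is measured with Spearman's rank correlation (computed by hand, with average ranks for ties, so no third-party library is needed). The six project rows are constructed, not measurements from the study.

```python
"""Worked example: vulnerability density vs. technical debt density.

Added example, not code from the paper. Assumptions (not in the abstract):
  - vulnerability density = vulnerabilities / KLOC
  - TD density           = TD remediation minutes / KLOC
  - association          = Spearman's rank correlation (average ranks on ties)
All project figures below are constructed sample input.
"""
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Project:
    name: str
    loc: int              # lines of code reported by the analyser
    vulnerabilities: int  # security findings reported by the analyser
    td_minutes: int       # TD remediation effort reported by the analyser


# Constructed sample (hypothetical projects, hypothetical numbers).
SAMPLE = [
    Project("proj-a", 10_000, 5, 3_000),
    Project("proj-b", 50_000, 60, 30_000),
    Project("proj-c", 20_000, 8, 4_000),
    Project("proj-d", 5_000, 12, 5_000),
    Project("proj-e", 80_000, 40, 20_000),   # same density as proj-a: a tie
    Project("proj-f", 30_000, 45, 12_000),
]


def vulnerability_density(p: Project) -> float:
    """Vulnerabilities per KLOC (assumed definition)."""
    return p.vulnerabilities / (p.loc / 1000)


def td_density(p: Project) -> float:
    """TD remediation minutes per KLOC (assumed normalisation)."""
    return p.td_minutes / (p.loc / 1000)


def ranks(values: list[float]) -> list[float]:
    """1-based ranks; tied values share the average of their rank positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    out = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        avg_rank = (i + j) / 2 + 1          # positions i..j (0-based) -> average
        for k in range(i, j + 1):
            out[order[k]] = avg_rank
        i = j + 1
    return out


def pearson(xs: list[float], ys: list[float]) -> float:
    """Pearson correlation of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy)


def spearman(xs: list[float], ys: list[float]) -> float:
    """Spearman's rho = Pearson correlation of the rank vectors."""
    return pearson(ranks(xs), ranks(ys))


def correlate_td_and_vulnerabilities(projects: list[Project]) -> float:
    """Rank correlation between TD density and vulnerability density."""
    td = [td_density(p) for p in projects]
    vd = [vulnerability_density(p) for p in projects]
    return spearman(td, vd)


if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.name}: {vulnerability_density(p):.2f} vuln/KLOC, "
              f"{td_density(p):.0f} TD-min/KLOC")
    print(f"Spearman rho = {correlate_td_and_vulnerabilities(SAMPLE):.3f}")
```

Normalising both measures per KLOC matters: raw vulnerability counts and raw TD both grow with project size, so correlating them unnormalised would largely measure size. The tie handling is not cosmetic either; density values computed from tool output coincide often enough that a rank method without average ranks would bias rho.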
European Commission
10.13039/501100000780
780572
Software Development toolKit for Energy optimization and technical Debt elimination