Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project

Abstract—As developers face ever-increasing pressure to engineer secure software, researchers are building an understanding of security-sensitive bugs (i.e. vulnerabilities). Research into mining software repositories has greatly increased our understanding of software quality via empirical study of bugs. However, conceptually, vulnerabilities are different from bugs: they represent abusive functionality, as opposed to the wrong or insufficient functionality commonly associated with traditional, non-security bugs. In this study, we performed an in-depth analysis of the Chromium project to empirically examine the relationship between bugs and vulnerabilities. We mined 374,686 bugs and 703 post-release vulnerabilities over five Chromium releases that span six years of development. Using logistic regression analysis, we examined how various categories of pre-release bugs (e.g. stability, compatibility, etc.) are associated with post-release vulnerabilities. While we found statistically sign...
Added 15 Apr 2016
Updated 15 Apr 2016
Type Journal
Year 2015
Where MSR