Sciweavers

ESEM
2008
ACM

An empirical model to predict security vulnerabilities using code complexity metrics

14 years 18 days ago
An empirical model to predict security vulnerabilities using code complexity metrics
Complexity is often hypothesized to be the enemy of software security. If this hypothesis is true, complexity metrics may be used to predict the locale of security problems and can be used to prioritize inspection and testing efforts. We performed statistical analysis on nine complexity metrics from the JavaScript Engine in the Mozilla application framework to find differences in code metrics between vulnerable and nonvulnerable code and to predict vulnerabilities. Our initial results show that complexity metrics can predict vulnerabilities at a low false positive rate, but at a high false negative rate. Categories and Subject Descriptors D.2.8 [Software Engineering]: Complexity measures, Product metrics General Terms Measurement, Reliability, Security.
Yonghee Shin, Laurie Williams
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where ESEM
Authors Yonghee Shin, Laurie Williams
Comments (0)