Title: Design churn as predictor of vulnerabilities?
Authors: Hovsepyan, Aram ×
Scandariato, Riccardo
Steff, Maximilian #
Joosen, Wouter #
Issue Date: Oct-2014
Publisher: Information Resources Management Association
Series Title: International Journal of Secure Software Engineering
Abstract: This paper evaluates a metric suite to predict vulnerable Java classes based on how much the design of an application has changed over time. We refer to this concept as design churn in analogy with code churn. Based on a validation on 10 Android applications, we show that several design churn metrics are in fact significantly associated with vulnerabilities. When used to build a prediction model, the metrics yield an average precision of 0.71 and an average recall of 0.27.
ISSN: 1947-3036
Publication status: accepted
KU Leuven publication type: IT
Appears in Collections: Informatics Section
× corresponding author
# (joint) last author

Files in This Item:
File: 5. ijsse submission v2.pdf
Description: Design churn as predictor of vulnerabilities?
Status: Submitted
Size: 534Kb
Format: Adobe PDF

