2 research outputs found

    A Novel Approach to Determine Software Security Level using Bayes Classifier via Static Code Metrics

    Technological developments are increasing day by day, and software products are growing in an uncontrolled way. This leads to the development of applications which do not comply with design principles. Software which has not passed security testing may put the end user in danger. During the error detection and verification processes of developed software, static and dynamic analysis may be used. Static code analysis provides analysis in different categories during coding, without compiling the code. Source code metrics are also among these categories. Code metrics evaluate software quality, level of risk, and interchangeability by analysing the software against those metrics. In this study, we describe our web-based application, which was developed to determine the level of security in software. In this scope, the method used to calculate the software's metrics is explained. The scoring system we used to calculate the security level is explained, taking into account metric thresholds that are accepted in the literature. The Bayes Classifier Method, which distinguishes risks in the project files by analysing uploaded sample software files, is described. Finally, the objectives of this analysis method and planned activities are explained.

    An Entropy-Based Approach to Assessing Object-Oriented Software Maintainability and Degradation − A Method and Case Study

    Abstract – The term 'software entropy' has been anecdotally defined to mean that software declines in quality, maintainability and understandability through its lifetime. While there are numerous software metrics that assess "snapshots" of software maintainability, few assess software degradation at multiple, discrete points in the life cycle. Assessing object-oriented (OO) software degradation is more art than science. Recent studies have shown that OO software degradation may be assessed by measuring the increase in the number of "links", or coupling, within an abstraction model and between abstraction models of the software. We believe that software degradation may also be measured using cyclomatic complexity, since it has been shown to be highly correlated with the fault-proneness of OO classes. We take the approach of defining software decay in terms of Shannon entropy and McCabe cyclomatic complexity, using industry-established complexity threshold criteria. We use the Rosenberg WMC risk threshold criteria and the McCabe risk interpretation threshold criteria in our experiment. We applied this metric retrospectively to Mozilla Rhino, an open-source implementation of JavaScript written in Java. Our initial findings were inconclusive, since the number of software revisions was limited. However, we conducted further analyses and showed that components with high cyclomatic complexities were associated with more maintenance activities than components with lower cyclomatic complexities. Entropy scores showed that the collection of OO classes requiring changes between software versions had a higher composite entropy score than those classes that did not undergo changes between software versions. Additionally, a pattern of repeated component modification was detected in our secondary analysis, indicating that decision tree analysis may possibly be more effective in analyzing software degradation.