19,857 research outputs found

    A Case Study on Software Vulnerability Coordination

    Context: Coordination is a fundamental tenet of software engineering. Coordination is required also for identifying discovered and disclosed software vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by recent practical challenges, this paper examines the coordination of CVEs for open source projects through a public mailing list. Objective: The paper observes the historical time delays between the assignment of CVEs on a mailing list and the later appearance of these in the National Vulnerability Database (NVD). Drawing from research on software engineering coordination, software vulnerabilities, and bug tracking, the delays are modeled through three dimensions: social networks and communication practices, tracking infrastructures, and the technical characteristics of the CVEs coordinated. Method: Given a period between 2008 and 2016, a sample of over five thousand CVEs is used to model the delays with nearly fifty explanatory metrics. Regression analysis is used for the modeling. Results: The results show that the CVE coordination delays are affected by different abstractions for noise and prerequisite constraints. These abstractions convey effects from the social network and infrastructure dimensions. Particularly strong effect sizes are observed for annual and monthly control metrics, a control metric for weekends, the degrees of the nodes in the CVE coordination networks, and the number of references given in NVD for the CVEs archived. Smaller but visible effects are present for metrics measuring the entropy of the emails exchanged, traces to bug tracking systems, and other related aspects. The empirical signals are weaker for the technical characteristics. Conclusion: [...

    IN RELATION TO EFFECTUAL BUG TRIAGE WITH COMPUTER PROGRAM INFORMATION REDUCTION METHODS

    Software organizations spend more than 45 percent of cost in managing programming bugs. An unavoidable stride of settling bugs is bug triage, which intends to effectively dole out a designer to another bug. To diminish the time cost in manual work, content characterization systems are connected to lead programmed bug triage. In this paper, we address the issue of information decrease for bug triage, i.e., how to diminish the scale and enhance the nature of bug information. We consolidate occasion choice with highlight determination to all the while diminish information scale on the bug measurement and the word measurement. To decide the request of applying case choice and highlight determination, we separate characteristics from authentic bug informational indexes and assemble a prescient model for another bug informational collection. We experimentally research the execution of information lessening on absolutely 600,000 bug reports of two vast open source ventures, to be specific Eclipse and Mozilla. The outcomes demonstrate that our information lessening can viably decrease the information scale and enhance the precision of bug triage. Our work gives a way to deal with utilizing procedures on information handling to shape lessened and top notch bug information in programming advancement and upkeep

    An empirical study of adoption of software testing in open source projects

    Abstract—In software engineering, testing is a crucial activity that is designed to ensure the quality of program code. For this activity, software teams spend substantial resources constructing test cases to thoroughly assess the correctness of software functionality. What is the proportion of open source projects that include test cases? What is the effect of number of developers on the number of test cases? In this study, we explore open source projects and investigate the correlation between the presence of test cases and various project development characteristics, including the number of lines of code, the size of development teams and the quantity of bug reports. The results show that projects with test cases are bigger in size and projects with bigger team sizes have higher number of test cases. However, surprisingly, number of test cases has a weak correlation with the number of bugs. Keywords: Empirical study, Software testing, Adequacy, Test case