Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
8-2018
Abstract
When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features.
Discipline
Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
Proceedings of the 2019 IEEE/ACM 51st International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Vancouver, Canada, August 27-30
First Page
5504
Last Page
5513
ISBN
9780998133119
Identifier
10.1145/3341161.3343520
Publisher
IEEE Computer Society
City or Country
Los Alamitos, CA
Citation
ZAHEDI, Mansooreh; BABAR, M. Ali; and TREUDE, Christoph.
An empirical study of security issues posted in open source projects. (2018). Proceedings of the 2019 IEEE/ACM 51st International Conference on Advances in Social Networks Analysis and Mining (ASONAM), Vancouver, Canada, August 27-30. 5504-5513.
Available at: https://ink.library.smu.edu.sg/sis_research/8933
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3341161.3343520