Measuring the Occurrence of Security-Related Bugs through Software Evolution

Abstract

A security-related bug is a programming error that introduces a potentially exploitable weakness into a computer system. This weakness could lead to a security breach with unfortunate consequences. Version control systems provide an accurate historical record of the software code's evolution. In this paper we examine the frequency of the security-related bugs throughout the evolution of a software project by applying the Find Bugs static analyzer on all versions of its revision history. We have applied our approach on four projects and we have come out with some interesting results including the fact that the number of the security-related bugs increase as the project evolves.