Volume 18, Issue 1, 2013, Pages 25-59

Can traditional fault prediction models be used for vulnerability prediction?

Author keywords

Automated text classification; Complexity metrics; Fault prediction; Open source project; Software metrics; Vulnerability prediction

Indexed keywords

COMPLEXITY METRICS; FAULT PREDICTION; OPEN SOURCE PROJECTS; SOFTWARE METRICS; TEXT CLASSIFICATION;

EID: 84872295305     PISSN: 13823256     EISSN: 15737616     Source Type: Journal    
DOI: 10.1007/s10664-011-9190-8     Document Type: Article
Times cited : (184)

References (44)
  • 1
    • 34248348339
    • Measuring, analyzing and predicting security vulnerabilities in software systems
    • 10.1016/j.cose.2006.10.002
    • Alhazmi OH, Malaiya YK, Ray I (2007) Measuring, analyzing and predicting security vulnerabilities in software systems. Comput Secur 26(3):219-228
    • (2007) Comput Secur , vol.26 , Issue.3 , pp. 219-228
    • Alhazmi, O.H.1    Malaiya, Y.K.2    Ray, I.3
  • 2
    • 70349105844
    • Is it a bug or an enhancement? A text-based approach to classify change requests
    • 27-30 Ontario, Canada
    • Antoniol G, Ayari K, Penta MD, Khomh F, Guéhéneuc Y-G (Oct. 27-30 2008) Is it a bug or an enhancement? A text-based approach to classify change requests. In: 2008 Conference of the Center for Advanced Studies on Collaborative Research, Ontario, Canada.
    • (2008) 2008 Conference of the Center for Advanced Studies on Collaborative Research
    • Antoniol, G.A.1
  • 5
    • 0001622174
    • A validation of object-oriented design metrics as quality indicators
    • 10.1109/32.544352
    • Basili VR, Briand LC, Melo WL (1996) A validation of object-oriented design metrics as quality indicators. IEEE Trans Software Eng 22(10):751-761
    • (1996) IEEE Trans Software Eng , vol.22 , Issue.10 , pp. 751-761
    • Basili, V.R.1    Briand, L.C.2    Melo, W.L.3
  • 7
    • 0019392830
    • Comparison of sampling procedure and data analysis for a Land-Use and Land-Cover Map
    • Fitzpatrick-Linz K (1981) Comparison of sampling procedure and data analysis for a Land-Use and Land-Cover Map. Photogramm Eng Rem Sens 47(3):343-351
    • (1981) Photogramm Eng Rem Sens , vol.47 , Issue.3 , pp. 343-351
    • Fitzpatrick-Linz, K.1
  • 9
    • 70349244714
    • Prioritizing software security fortification through code-level metrics
    • Oct. 27 Alexandria, Virginia
    • Gegick M, Williams L, Osborne J, Vouk M (Oct. 27 2008) Prioritizing software security fortification through code-level metrics. In: 4th ACM workshop on Quality of protection, Alexandria, Virginia, pp 31-38.
    • (2008) 4th ACM Workshop on Quality of Protection , pp. 31-38
    • Gegick, M.1    Williams, L.2    Osborne, J.3    Vouk, M.4
  • 10
    • 0034226738
    • Predicting fault incidence using software change history
    • 10.1109/32.859533
    • Graves TL, Karr AF, Marron JS, Siy H (2000) Predicting fault incidence using software change history. IEEE Trans Software Eng 26(7):653-661
    • (2000) IEEE Trans Software Eng , vol.26 , Issue.7 , pp. 653-661
    • Graves, T.L.1    Karr, A.F.2    Marron, J.S.3    Siy, H.4
  • 14
    • 77957294705
    • IEEE Std 982.1-1988 IEEE standard dictionary of measures to produce reliable software
    • IEEE
    • IEEE (1988) IEEE Std 982.1-1988 IEEE standard dictionary of measures to produce reliable software. IEEE Computer Society.
    • (1988) IEEE Computer Society
  • 18
    • 0029754927
    • Early quality prediction: A case study in telecommunications
    • 10.1109/52.476287
    • Khoshgoftaar TM, Allen EB, Kalaichelvan KS, Goel N (1996) Early quality prediction: a case study in telecommunications. IEEE Software 13(1):65-71
    • (1996) IEEE Software , vol.13 , Issue.1 , pp. 65-71
    • Khoshgoftaar, T.M.1    Allen, E.B.2    Kalaichelvan, K.S.3    Goel, N.4
  • 21
  • 22
    • 49349089233
    • Benchmarking classification models for software defect prediction: A proposed framework and novel findings
    • 10.1109/TSE.2008.35
    • Lessmann S, Baesens B, Mues C, Pietsch S (2008) Benchmarking classification models for software defect prediction: a proposed framework and novel findings. IEEE Trans Software Eng 34(4):485-496
    • (2008) IEEE Trans Software Eng , vol.34 , Issue.4 , pp. 485-496
    • Lessmann, S.1    Baesens, B.2    Mues, C.3    Pietsch, S.4
  • 23
    • 0242410408
    • Benchmarking attribute selection techniques for discrete class data mining
    • Mark A. Hall, Holmes G (2003) Benchmarking attribute selection techniques for discrete class data mining. IEEE Trans Knowl Data Eng 15 (3).
    • (2003) IEEE Trans Knowl Data Eng , vol.15 , Issue.3
    • Hall, M.A.1    Holmes, G.2
  • 24
    • 0017291489
    • A complexity measure
    • 445904 0352.68066 10.1109/TSE.1976.233837
    • McCabe TJ (1976) A complexity measure. IEEE Trans Software Eng 2(4):308-320
    • (1976) IEEE Trans Software Eng , vol.2 , Issue.4 , pp. 308-320
    • McCabe, T.J.1
  • 26
    • 74049133901
    • Secure open source collaboration: An empirical study of Linus' Law" computer and communications security
    • November Chicago, IL
    • Meneely A, Williams L (November 2009) Secure open source collaboration: an empirical study of Linus' Law" computer and communications security. In: Computer and Communications Security (CCS), Chicago, IL, pp 453-462.
    • (2009) Computer and Communications Security (CCS) , pp. 453-462
    • Meneely, A.1    Williams, L.2
  • 27
    • 34548245485
    • Problems with precision: A response to "comments on 'Data Mining Static Code Attributes to Learn Defect Predictors'
    • 10.1109/TSE.2007.70721
    • Menzies T, Dekhtyar A, Distefano J, Greenwald J (2007a) Problems with precision: a response to "Comments on 'Data Mining Static Code Attributes to Learn Defect Predictors'". IEEE Trans Software Eng 33(9):637-640
    • (2007) IEEE Trans Software Eng , vol.33 , Issue.9 , pp. 637-640
    • Menzies, T.1    Dekhtyar, A.2    Distefano, J.3    Greenwald, J.4
  • 28
    • 33845782503
    • Data mining static code attributes to learn defect predictors
    • 10.1109/TSE.2007.256941
    • Menzies T, Greenwald J, Frank A (2007b) Data mining static code attributes to learn defect predictors. IEEE Trans Software Eng 33(1):2-13
    • (2007) IEEE Trans Software Eng , vol.33 , Issue.1 , pp. 2-13
    • Menzies, T.1    Greenwald, J.2    Frank, A.3
  • 29
    • 77956972220
    • Defect prediction from static code feature: Current results, limitations, new approaches
    • 10.1007/s10515-010-0069-5
    • Menzies T, Milton Z, Turhan B, Cukic B, Jiang Y, Bener A (2010) Defect prediction from static code feature: current results, limitations, new approaches. Autom Softw Eng 17(4):doi: 10.1007/s10515-010-0069-5
    • (2010) Autom Softw Eng , vol.17 , Issue.4
    • Menzies, T.1    Milton, Z.2    Turhan, B.3    Cukic, B.4    Jiang, Y.5    Bener, A.6
  • 31
    • 33244463047
    • Use of relative code churn measures to predict system defect density
    • May 15-21 St. Louis, MO, USA
    • Nagappan N, Ball T (May 15-21 2005) Use of relative code churn measures to predict system defect density. In: the 27th International Conference on Software Engineering, St. Louis, MO, USA, pp 284-292.
    • (2005) The 27th International Conference on Software Engineering , pp. 284-292
    • Nagappan, N.1    Ball, T.2
  • 34
    • 0010361611
    • The economic impacts of inadequate infrastructure for software testing
    • NIST
    • NIST (2002) The economic impacts of inadequate infrastructure for software testing. National Institute of Standards & Technology.
    • (2002) National Institute of Standards & Technology
  • 35
    • 22944473604
    • Predicting the location and number of faults in large software systems
    • 10.1109/TSE.2005.49
    • Ostrand TJ, Weyuker EJ, Bell RM (2005) Predicting the location and number of faults in large software systems. IEEE Trans Software Eng 31(4):340-355
    • (2005) IEEE Trans Software Eng , vol.31 , Issue.4 , pp. 340-355
    • Ostrand, T.J.1    Weyuker, E.J.2    Bell, R.M.3
  • 38
    • 84948481845
    • An algorithm for suffix stripping
    • 10.1108/eb046814
    • Porter MF (1980) An algorithm for suffix stripping. Program 16(3):130-137
    • (1980) Program , vol.16 , Issue.3 , pp. 130-137
    • Porter, M.F.1
  • 39
    • 84872330896
    • Geekonomics: The real cost of insecure software
    • Rice D (2007) Geekonomics: The real cost of insecure software. Addison-Wesley Professional
    • (2007) Addison-Wesley Professional
    • Rice, D.1
  • 40
    • 70349263324
    • Is complexity really the enemy of software security?
    • Oct. 27 Alexandria, Virginia, USA
    • Shin Y, Williams L (Oct. 27 2008) Is complexity really the enemy of software security? In: the 4th ACM Workshop on Quality of Protection, Alexandria, Virginia, USA, pp. 47-50.
    • (2008) The 4th ACM Workshop on Quality of Protection , pp. 47-50
    • Shin, Y.1    Williams, L.2
  • 41
    • 83555172467
    • Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities
    • Shin Y, Meneely A, Williams L (2011) Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Trans Software Eng.
    • (2011) IEEE Trans Software Eng
    • Shin, Y.1    Meneely, A.2    Williams, L.3


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS database.