A Double-Edged Sword? Software Reuse and Potential Security Vulnerabilities

机译：一把双刃剑？软件重用和潜在的安全漏洞

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Reuse is a common and often-advocated software development practice. Significant efforts have been invested into facilitating it, leading to advancements such as software forges, package managers, and the widespread integration of open source components into proprietary software systems. Reused software can make a system more secure through its maturity and extended vetting, or increase its vulnerabilities through a larger attack surface or insecure coding practices. To shed more light on this issue, we investigate the relationship between software reuse and potential security vulnerabilities, as assessed through static analysis. We empirically investigated 301 open source projects in a holistic multiple-case methods study. In particular, we examined the distribution of potential vulnerabilities between the native code created by a project's development team and external code reused through dependencies, as well as the correlation between the ratio of reuse and the density of vulnerabilities. The results suggest that the amount of potential vulnerabilities in both native and reused code increases with larger project sizes. We also found a weak-to-moderate correlation between a higher reuse ratio and a lower density of vulnerabilities. Based on these findings it appears that code reuse is neither a frightening werewolf introducing an excessive number of vulnerabilities nor a silver bullet for avoiding them.

机译：重用是一个常见而常见的软件开发实践。已经投入了重大努力，促进了它，导致诸如软件伪造，包管理器，开源组件的广泛集成等进步，进入专有软件系统。重复使用的软件可以通过其成熟度和扩展审查更安全，或通过更大的攻击面或不安全的编码实践增加其漏洞。要在此问题上阐明更轻，我们调查软件重用与潜在安全漏洞之间的关系，通过静态分析评估。我们经验在整体多案方法研究中调查了301个开源项目。特别是，我们检查了项目开发团队和通过依赖性重复使用的外部代码创建的本机代码之间的潜在漏洞的分布，以及重用与漏洞密度之间的相关性。结果表明，本机和重复使用代码中的潜在漏洞的数量随着更大的项目尺寸而增加。我们还发现更高的重用比率和较低的漏洞之间的弱与中等的相关性。基于这些发现，似乎代码重用既不是一个可怕的狼人都没有引入过多数量的漏洞，也不是为了避免它们的银弹。

著录项

来源
《International Conference on Software and Systems Reuse》|2019年|255p|共17页
会议地点
作者
Antonios Gkortzis; Daniel Feitosa; Diomidis Spinellis;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP393-53;
关键词
Software reuse; Security vulnerabilities; Case study;

机译：软件重用;安全漏洞;案例分析;

相似文献

外文文献
中文文献
专利

1. Software reuse cuts both ways: An empirical analysis of its relationship with security vulnerabilities [J] . Antonios Gkortzis, Daniel Feitosa, Diomidis Spinellis The Journal of Systems and Software . 2021,第Feba期

机译：软件重用两种方式：与安全漏洞的关系实证分析
2. Neuromuscular junction mitochondrial enrichment: a “double-edged sword” underlying the selective motor neuron vulnerability in amyotrophic lateral sclerosis [J] . Topaz Altman, Eran Perlson Neural regeneration research . 2021,第1期

机译：神经肌肉交叉路口线粒体富集：肌营养侧面硬化症中选择性运动神经元脆弱性的“双刃剑”
3. Neuromuscular junction mitochondrial enrichment: a "double-edged sword" underlying the selective motor neuron vulnerability in amyotrophic lateral sclerosis [J] . Topaz Altman, Eran Perlson 中国神经再生研究（英文版） . 2021,第001期

机译：神经肌肉接头线粒体富集：肌萎缩性侧索硬化中选择性运动神经元易损性的“双刃剑”
4. A Double-Edged Sword? Software Reuse and Potential Security Vulnerabilities [C] . Antonios Gkortzis, Daniel Feitosa, Diomidis Spinellis International conference on software reuse . 2019

机译：双刃剑？软件重用和潜在的安全漏洞
5. A GIS-based multi-criteria decision support approach to stormwater Best Management Practices (BMPS): Identifying potential BMP vulnerable sites for effective water conservation and water reuse in Bernalillo County, New Mexico. [D] . Amankwatia, Kofi. 2015

机译：一种基于GIS的雨水最佳管理实践（BMPS）的多标准决策支持方法：在新墨西哥州的贝纳里洛县，确定潜在的BMP易受攻击的地点，以进行有效的节水和水再利用。
6. Tertiary Lymphoid Structures in Cancer: The Double-Edged Sword Role in Antitumor Immunity and Potential Therapeutic Induction Strategies [O] . Wendi Kang, Zhichao Feng, Jianwei Luo, 2021

机译：癌症中的第三次淋巴结结构：双刃剑在抗肿瘤免疫力和潜在治疗诱导策略中的作用
7. Trusting artificial intelligence in cybersecurity is a double-edged sword [O] . Mariarosaria Taddeo, Tom McCutcheon, Luciano Floridi 2019

机译：信任网络安全的人工智能是一把双刃剑

A Double-Edged Sword? Software Reuse and Potential Security Vulnerabilities

摘要

著录项

相似文献

相关主题

期刊订阅