Technical debt as an indicator of software security risk: a machine learning approach for software development enterprises
Enterprise Information Systems (IF 4.4), Pub Date: 2020-09-24, DOI: 10.1080/17517575.2020.1824017
Miltiadis Siavvas 1 , Dimitrios Tsoukalas 1, 2 , Marija Jankovic 1 , Dionysios Kehagias 1 , Dimitrios Tzovaras 1

ABSTRACT

Vulnerability prediction facilitates the development of secure software, as it enables the identification and mitigation of security risks early enough in the software development lifecycle. Although several factors have been studied for their ability to indicate software security risk, very limited attention has been given to technical debt (TD), despite its potential relevance to software security. To this end, in the present study, we investigate the ability of common TD indicators to indicate security risks in software products, both at project-level and at class-level of granularity. Our findings suggest that TD indicators may potentially act as security indicators as well.




Updated: 2020-09-24