Security Improvement with Extracted Metrics of Software Repositories- Developer Activity Metric

Faculty of Electrical and Computer Engineering, University of Shiraz, Shiraz, IranAbstract: Security weaknesses in the different layers of existing software systems will lead to many cyber attacks against software systems. Software vulnerability is caused due to insecure coding and design. To improve the security of software systems, security weaknesses in the system must be identified and resolved. In general, to reduce number of vulnerabilities several automatic and manual methods have been proposed. Manual methods that are used to identify software vulnerability are using code visual monitoring to identify vulnerabilities. These methods are hard and time consuming. Therefore, researchers seek to provide automated methods for identifying security vulnerabilities. To this end, extracted metrics from software repositories can be used in vulnerability detection models. One of these metrics is Developer Activity Metric. In general, software development is a team work and human factors have a salient role in development process of the software. So these observations naturally lead us to investigate the effect of developer metrics on automatic vulnerability detection methods. In this context, eleven hypotheses on developer metrics have been proposed and statistical analyses on Developer Metrics for eleven versions of Mozilla Firefox are performed. During analysis, we found patterns of developer activity that has statistically significant effect on software vulnerability.