Scalable Cloud-Based Tool to Empirically Detect Vulnerable Code Patterns in Large-Scale System

Title: Scalable Cloud-Based Tool to Empirically Detect Vulnerable Code Patterns in Large-Scale System
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Matthew Block, Benjamin Barcaskey, Andrew Nimmo, Saleh Alnaeli, Ian Gilbert, Zaid Altahat
Conference Name: 2020 IEEE International Conference on Electro Information Technology (EIT)
Keywords: Buffer overflows, Collaboration, Human Behavior, human factors, Linux, Metrics, Open Source Software, policy-based governance, pubcrawl, resilience, Resiliency, Safe Coding, security, Tools, XML
Abstract: Open-source development is a well-accepted model by software development communities from both academia and industry. Many companies and corporations adopt and use open source systems daily as a core component in their business activities. One of the most important factors that will determine the success of this model is security. The security of software systems is a combination of source code quality, stability, and vulnerabilities. Software vulnerabilities can be introduced by many factors, some of which are the way that programmers write their programs, their background on security standards, and safe programming practices. This paper describes a cloud-based software tool developed by the authors that can help our computing communities in both academia and research to evaluate their software systems on the source code level to help them identify and detect some of the well-known source code vulnerability patterns that can cause security issues if maliciously exploited. The paper also presents an empirical study on the prevalence of vulnerable C/C++ coding patterns inside three large-scale open-source systems comprising more than 42 million lines of source code. The historical data for the studied systems is presented over five years to uncover some historical trends to highlight the changes in the system analyzed over time concerning the presence of some of the source code vulnerabilities patterns. The majority of results show the continued usage of known unsafe functions.
DOI: 10.1109/EIT48999.2020.9208325
Citation Key: block_scalable_2020