Patrick Hilley’s research while affiliated with Providence College and other places


Publications (1)


When Are OSS Developers More Likely to Introduce Vulnerable Code Changes? A Case Study
Conference Paper · May 2014 · 39 Reads · 4 Citations

IFIP Advances in Information and Communication Technology

Jeffrey C. Carver · Munawar Hafiz · [...] · Derek Janni

We analyzed peer code review data of the Android Open Source Project (AOSP) to understand whether code changes that introduce security vulnerabilities, referred to as vulnerable code changes (VCC), occur at certain intervals. Using a systematic manual analysis process, we identified 60 VCCs. Our results suggest that AOSP developers were more likely to write VCCs prior to AOSP releases, while during the post-release period they wrote fewer VCCs. © IFIP International Federation for Information Processing 2014.

Citations (1)


... Big open-source projects like FreeBSD [46], Linux [47], and Mozilla [48] have been the focus of case studies. Topical analysis of vulnerabilities can take the corpus of code and has been done by matching Common Vulnerabilities and Exposures (CVEs) numbers [49], [50], by using the code base for evaluation of static analysis tools [51]-[54], or vulnerability changes [55]-[58]. These changes are necessary to secure a codebase, so the patterns and development of fixes have been investigated [59]-[61]. ...

Reference: It’s like flossing your teeth: On the Importance and Challenges of Reproducible Builds for Software Supply Chain Security