Security vs. Maintainability: Fixing Vulnerabilities Obfuscates your Code

February 07, 2019 at 02:00PM until February 07, 2019 at 04:00PM
INESC-ID Room 418

Security is a crucial non-functional requirement for software applications. However, building secure software is far from trivial, as developers lack both the knowledge and the tools to address this concern effectively. In this paper, we study the impact of security-improving changes on the maintainability of several open source applications. Using a dataset containing 607 security-oriented commits, we measure maintainability — as computed by the Software Improvement Group’s web-based source code analysis service Better Code Hub (BCH) — before and after each security refactoring. Results show that making software more secure comes at a cost in maintainability. This is particularly evident in refactorings that deal with Broken Authentication and Cross-Site Request Forgery attacks.

Research topics
Candidate: Sofia Oliveira Reis N.º 91520
Advisor: Prof. Rui Filipe Lima Maranhão de Abreu