Commonly, software systems have public (and stable) interfaces, and internal (and possibly unstable) interfaces. Despite being discouraged, client developers often use internal interfaces, which may cause their systems to fail when they evolve.

It is vitally important to fix quality issues in security-critical code as they may be sources of vulnerabilities in the future. These quality issues may increase the attack surface if they are not quickly refactored. In this paper, we use the history of vulnerabilities and security bug reports along with a set of keywords to automatically identify a project's security-critical files based on its source code, bug reports, pull-request descriptions and commit messages. After identifying these security-related files, we estimate their risks using static analysis to check their coupling with other project components. Then, our approach recommends refactorings to prioritize fixing quality issues in these security-critical files to improve quality attributes and remove identified code smells. To find a trade-off between the quality issues and security-critical files, we adopted a multi-objective search strategy. We evaluated our approach on six open source projects and one industrial system to check the correctness and relevance of the refactorings targeting security-critical code. The results of our survey with practitioners support our hypothesis that quality and security need to be considered together to provide relevant refactoring recommendations.
