Patchworking: Exploring the code changes induced by vulnerability fixing activities

[1] Andreas Zeller, et al. The impact of tangled code changes, 2013, 2013 10th Working Conference on Mining Software Repositories (MSR).

[2] Gregg Rothermel, et al. Whole program path-based dynamic impact analysis, 2003, 25th International Conference on Software Engineering, 2003. Proceedings.

[3] Gerardo Canfora, et al. Investigating the vulnerability fixing process in OSS projects: Peculiarities and challenges, 2020, Comput. Secur.

[4] Matias Martinez, et al. Coming: A Tool for Mining Change Pattern Instances from Git Commits, 2018, 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion).

[5] Claire Le Goues, et al. Using a probabilistic model to predict bug fixes, 2018, 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[6] Lionel C. Briand, et al. Using coupling measurement for impact analysis in object-oriented systems, 1999, Proceedings IEEE International Conference on Software Maintenance - 1999 (ICSM'99). 'Software Maintenance for Business Change' (Cat. No.99CB36360).

[7] Zhendong Su, et al. An Empirical Study on Real Bug Fixes, 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[8] Matias Martinez, et al. Fine-grained and accurate source code differencing, 2014, ASE.

[9] Rocco Oliveto, et al. Fixing of Security Vulnerabilities in Open Source Projects: A Case Study of Apache HTTP Server and Apache Tomcat, 2019, 2019 12th IEEE Conference on Software Testing, Validation and Verification (ICST).

[10] Corrado Aaron Visaggio, et al. Investigating the criticality of user‐reported issues through their relations with app rating, 2020, J. Softw. Evol. Process.

[11] Hareton K. N. Leung, et al. A survey of code‐based change impact analysis techniques, 2013, Softw. Test. Verification Reliab.

[12] James E. Tomayko, et al. The structural complexity of software an experimental test, 2005, IEEE Transactions on Software Engineering.

[13] Ahmed E. Hassan, et al. Security versus performance bugs: a case study on Firefox, 2011, MSR '11.

[14] Jacques Klein, et al. Profiling Android Vulnerabilities, 2016, 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS).

[15] Alex X. Liu, et al. Large Scale Characterization of Software Vulnerability Life Cycles, 2020, IEEE Transactions on Dependable and Secure Computing.

[16] Veit Frick, et al. Understanding Software Changes: Extracting, Classifying, and Presenting Fine-Grained Source Code Changes, 2020, 2020 IEEE/ACM 42nd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion).

[17] W. Kruskal, et al. Use of Ranks in One-Criterion Variance Analysis, 1952.

[18] Hossain Shahriar, et al. Rule-Based Source Level Patching of Buffer Overflow Vulnerabilities, 2013, 2013 10th International Conference on Information Technology: New Generations.

[19] Andrew Meneely, et al. Do Bugs Foreshadow Vulnerabilities? A Study of the Chromium Project, 2015, 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories.

[20] Robert H. Deng, et al. VuRLE: Automatic Vulnerability Detection and Repair by Learning from Examples, 2017, ESORICS.

[21] Syed Nadeem Ahsan, et al. Predicting bug inducing source code change patterns, 2016, 2016 International Conference on Open Source Systems & Technologies (ICOSST).

[22] Manishankar Mondal, et al. Associating Code Clones with Association Rules for Change Impact Analysis, 2020, 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[23] Kazi Zakia Sultana, et al. A study examining relationships between micro patterns and security vulnerabilities, 2017, Software Quality Journal.

[24] Huzefa H. Kagdi, et al. Impact analysis of change requests on source code based on interaction and commit histories, 2014, MSR 2014.

[25] Gerardo Canfora, et al. Impact analysis by mining software and change request repositories, 2005, 11th IEEE International Software Metrics Symposium (METRICS'05).

[26] Kazi Zakia Sultana, et al. Correlation Analysis among Java Nano-Patterns and Software Vulnerabilities, 2017, 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE).

[27] H. Abdi. The Kendall Rank Correlation Coefficient, 2007.

[28] Gabriele Bavota, et al. An Empirical Study on Android-Related Vulnerabilities, 2017, 2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR).

[29] Claire Le Goues, et al. Automated program repair, 2019, Commun. ACM.

[30] Tao Ye, et al. An Empirical Study on Detecting and Fixing Buffer Overflow Bugs, 2016, 2016 IEEE International Conference on Software Testing, Verification and Validation (ICST).

[31] Tomasz Imielinski, et al. Mining association rules between sets of items in large databases, 1993, SIGMOD Conference.

[32] David Lie, et al. Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response, 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[33] Michele Bezzi, et al. A Manually-Curated Dataset of Fixes to Vulnerabilities of Open-Source Software, 2019, 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR).

[34] Basel Katt, et al. Source Code Patterns of SQL Injection Vulnerabilities, 2017, ARES.

[35] Matias Martinez, et al. Mining software repair models for reasoning on the search space of automated program fixing, 2013, Empirical Software Engineering.

[36] Tibor Gyimóthy, et al. Using information retrieval based coupling measures for impact analysis, 2009, Empirical Software Engineering.

[37] Vern Paxson, et al. A Large-Scale Empirical Study of Security Patches, 2017, CCS.

[38] Yaqin Zhou, et al. Automated identification of security issues from commit messages and bug reports, 2017, ESEC/SIGSOFT FSE.

[39] Cleotilde Gonzalez, et al. Effects of cyber security knowledge on attack detection, 2015, Comput. Hum. Behav.

[40] Michele Bezzi, et al. A Practical Approach to the Automatic Classification of Security-Relevant Commits, 2018, 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[41] Shawn A. Bohner, et al. Impact analysis in the software change process: a year 2000 perspective, 1996, 1996 Proceedings of International Conference on Software Maintenance.

[42] M. Urbanchek, et al. The Seven Deadly Sins of Statistical Analysis, 1996, Annals of plastic surgery.

[43] Stefan Fenz, et al. Formalizing information security knowledge, 2009, ASIACCS '09.

[44] Václav Rajlich, et al. Incremental change in object-oriented programming, 2004, IEEE Software.

[45] Gerardo Canfora, et al. Summarizing vulnerabilities' descriptions to support experts during vulnerability assessment activities, 2019, J. Syst. Softw.

[46] S. Shapiro, et al. An Analysis of Variance Test for Normality (Complete Samples), 1965.

[47] Claire Le Goues, et al. GenProg: A Generic Method for Automatic Software Repair, 2012, IEEE Transactions on Software Engineering.

[48] Dongmei Zhang, et al. How do software engineers understand code changes?: an exploratory study in industry, 2012, SIGSOFT FSE.

[49] Ramakrishnan Srikant, et al. Fast Algorithms for Mining Association Rules in Large Databases, 1994, VLDB.

[50] Frank Tip, et al. Change impact analysis for object-oriented programs, 2001, PASTE '01.

[51] Yuanyuan Zhou, et al. Bug characteristics in open source software, 2013, Empirical Software Engineering.

[52] Giuliano Antoniol, et al. Identifying the starting impact set of a maintenance request: a case study, 2000, Proceedings of the Fourth European Conference on Software Maintenance and Reengineering.