Object-oriented software metrics in software code vulnerability analysis

Security is an integral aspect of developing quality object-oriented software. Throughout that process, developers face constant pressure to maximize development while reducing the expense and time invested in security. In this paper, the authors analyze metrics for object-oriented software in order to evaluate and identify the relation between metric values and the security of the software. These relations were identified by studying software vulnerabilities together with code-level metrics. Using the OWASP classification of vulnerabilities and experimental results, we proved that there is a relation between metric values and possible security issues in software. For the experimental code analysis, we developed special software called SOFTMET.
