Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Full-Text Articles in Physical Sciences and Mathematics

An Empirical Assessment Of Bellon's Clone Benchmark, Alan Charpentier, Jean-Rémy Falleri, David Lo, Laurent Reveillere Apr 2015

Research Collection School Of Computing and Information Systems

Context: Clone benchmarks are essential to the assessment and improvement of clone detection tools and algorithms. Among existing benchmarks, Bellon's benchmark is widely used by the research community. However, a serious threat to the validity of this benchmark is that reference clones it contains have been manually validated by Bellon alone. Other persons may disagree with Bellon's judgment. Objective: In this paper, we perform an empirical assessment of Bellon's benchmark. Method: We seek the opinion of eighteen participants on a subset of Bellon's benchmark to determine if researchers should trust the reference clones it contains. Results: Our experiment shows that …


Web Application Vulnerability Prediction Using Hybrid Program Analysis And Machine Learning, Lwin Khin Shar, Lionel Briand, Hee Beng Kuan Tan Nov 2014

Research Collection School Of Computing and Information Systems

Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static+dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be significant indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability …


To What Extent Could We Detect Field Defects? An Extended Empirical Study Of False Negatives In Static Bug Finding Tools, Ferdian Thung, Lucia Lucia, David Lo, Lingxiao Jiang, Foyzur Rahman, Premkumar Devanbu Sep 2014

Research Collection School Of Computing and Information Systems

Software defects can cause much loss. Static bug-finding tools are designed to detect and remove software defects and believed to be effective. However, do such tools in fact help prevent actual defects that occur in the field and reported by users? If these tools had been used, would they have detected these field defects, and generated warnings that would direct programmers to fix them? To answer these questions, we perform an empirical study that investigates the effectiveness of five state-of-the-art static bug-finding tools (FindBugs, JLint, PMD, CheckStyle, and JCSC) on hundreds of reported and fixed defects extracted from three open …


An Empirical Study Of Adoption Of Software Testing In Open Source Projects, Pavneet Singh Kochhar, Tegawende F. Bissyande, David Lo, Lingxiao Jiang Jul 2013

Research Collection School Of Computing and Information Systems

In software engineering, testing is a crucial activity that is designed to ensure the quality of program code. For this activity, software teams spend substantial resources constructing test cases to thoroughly assess the correctness of software functionality. What is the proportion of open source projects that include test cases? What is the effect of number of developers on the number of test cases? In this study, we explore open source projects and investigate the correlation between the presence of test cases and various project development characteristics, including the number of lines of code, the size of development teams and the …


Mining Sql Injection And Cross Site Scripting Vulnerabilities Using Hybrid Program Analysis, Lwin Khin Shar, Hee Beng Kuan Tan, Lionel C. Briand May 2013

Research Collection School Of Computing and Information Systems

In previous work, we proposed a set of static attributes that characterize input validation and input sanitization code patterns. We showed that some of the proposed static attributes are significant predictors of SQL injection and cross site scripting vulnerabilities. Static attributes have the advantage of reflecting general properties of a program. Yet, dynamic attributes collected from execution traces may reflect more specific code characteristics that are complementary to static attributes. Hence, to improve our initial work, in this paper, we propose the use of dynamic attributes to complement static attributes in vulnerability prediction. Furthermore, since existing work relies on supervised …


Predicting Sql Injection And Cross Site Scripting Vulnerabilities Through Mining Input Sanitization Patterns, Lwin Khin Shar, Hee Beng Kuan Tan Apr 2013

Research Collection School Of Computing and Information Systems

Context: SQL injection (SQLI) and cross site scripting (XSS) are the two most common and serious web application vulnerabilities for the past decade. To mitigate these two security threats, many vulnerability detection approaches based on static and dynamic taint analysis techniques have been proposed. Alternatively, there are also vulnerability prediction approaches based on machine learning techniques, which showed that static code attributes such as code complexity measures are cheap and useful predictors. However, current prediction approaches target general vulnerabilities. And most of these approaches locate vulnerable code only at software component or file levels. Some approaches also involve process attributes that …


Adoption Of Software Testing In Open Source Projects: A Preliminary Study On 50,000 Projects, Pavneet Singh Kochhar, Tegawende F. Bissyande, David Lo, Lingxiao Jiang Mar 2013

Research Collection School Of Computing and Information Systems

In software engineering, testing is a crucial activity that is designed to ensure the quality of program code. For this activity, development teams spend substantial resources constructing test cases to thoroughly assess the correctness of software functionality. What is however the proportion of open source projects that include test cases? What kind of projects are more likely to include test cases? In this study, we explore 50,000 projects and investigate the correlation between the presence of test cases and various project development characteristics, including the lines of code and the size of development teams.


Predicting Common Web Application Vulnerabilities From Input Validation And Sanitization Code Patterns, Lwin Khin Shar, Hee Beng Kuan Tan Sep 2012

Research Collection School Of Computing and Information Systems

Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities—SQL injection and cross site scripting. In …


Manipulation In Digital Word-Of-Mouth: A Reality Check For Book Reviews, Nan Hu, Indranil Bose, Yunjun Gao, Ling Liu Feb 2011

Research Collection School Of Computing and Information Systems

Built upon the discretionary accrual-based earnings management framework, our paper develops a discretionary manipulation proxy to study the management of online reviews. We reveal that fraudulent review manipulation is a serious problem for 1) non-bestseller books; 2) books whose reviews are classified as not very helpful; 3) books that experience greater variability in the helpfulness of their online reviews; and 4) popular books as well as high-priced books. We also show that review management decreases with the passage of time. Just like fraudulent earnings management, manipulated online reviews reflect inauthentic information from which consumers might derive wrong valuation especially for …