AutoMetric: Towards Measuring Open-Source Software Quality Metrics Automatically

Taejun Lee, Heewon Park, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

In modern software development, open-source software (OSS) plays a crucial role. Although some methods exist to verify the safety of OSS, current automation technologies fall short. To address this problem, we propose AutoMetric, an automatic technique for measuring security metrics for OSS at the repository level. Because AutoMetric collects only the repository addresses of the projects, it can inspect many projects simultaneously regardless of their size and scope. AutoMetric contains five metrics: Mean Time to Update (MU), Mean Time to Commit (MC), Number of Contributors (NC), Inactive Period (IP), and Branch Protection (BP). These metrics can be recalculated quickly even as the source code changes. By comparing the AutoMetric metrics with 2,675 reported vulnerabilities in the GitHub Advisory Database (GAD), the results show that the more frequent the updates and commits and the shorter the inactivity period, the more vulnerabilities were found.
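The abstract names the five repository-level metrics but does not spell out how each is computed. The following added example (not code from the paper or from the AutoMetric authors) shows one way to derive them from nothing more than commit and release timestamps plus a branch-protection flag, which is the kind of metadata a repository API exposes without cloning the source. The metric definitions used here are assumptions made for illustration: MU as the mean gap between releases, MC as the mean gap between commits, NC as the count of distinct commit authors, IP as the longest stretch without a commit up to a chosen reference date, and BP as a boolean. All sample data is constructed.

```python
"""Repository-level metrics in the spirit of AutoMetric's MU, MC, NC, IP and BP.

Added illustration; the definitions below are assumptions, not the paper's.
The point for a defender is that these signals come from repository metadata
only, so they can be tracked across many dependencies without reading code.
"""
from datetime import datetime
from statistics import mean

# Constructed sample data (author, commit timestamp); not from any real project.
COMMITS = [
    ("alice", datetime(2023, 1, 1)),
    ("bob", datetime(2023, 1, 3)),
    ("alice", datetime(2023, 1, 10)),
    ("carol", datetime(2023, 2, 15)),
    ("alice", datetime(2023, 2, 16)),
]
# Constructed release (tag) dates for the same hypothetical repository.
RELEASES = [datetime(2023, 1, 5), datetime(2023, 2, 20)]
# Constructed flag: whether the default branch has protection rules enabled.
BRANCH_PROTECTED = True


def _mean_gap_days(dates):
    """Mean number of days between consecutive sorted dates (None if < 2 dates)."""
    dates = sorted(dates)
    if len(dates) < 2:
        return None
    gaps = [(b - a).total_seconds() / 86400 for a, b in zip(dates, dates[1:])]
    return mean(gaps)


def mean_time_to_update(release_dates):
    """MU (assumed): mean days between releases."""
    return _mean_gap_days(release_dates)


def mean_time_to_commit(commits):
    """MC (assumed): mean days between commits."""
    return _mean_gap_days([ts for _, ts in commits])


def number_of_contributors(commits):
    """NC (assumed): number of distinct commit authors."""
    return len({author for author, _ in commits})


def inactive_period(commits, as_of):
    """IP (assumed): longest gap in days without any commit, measured up to as_of.

    The trailing gap from the last commit to as_of is included so that a
    repository that simply stopped receiving commits shows a growing IP.
    """
    dates = sorted(ts for _, ts in commits)
    if not dates:
        return None
    points = dates + [as_of]
    return max((b - a).total_seconds() / 86400 for a, b in zip(points, points[1:]))


def branch_protection(flag):
    """BP (assumed): True when the default branch is protected."""
    return bool(flag)


def collect_metrics(commits, releases, protected, as_of):
    """Bundle the five metrics into a dict keyed by their abbreviations."""
    return {
        "MU": mean_time_to_update(releases),
        "MC": mean_time_to_commit(commits),
        "NC": number_of_contributors(commits),
        "IP": inactive_period(commits, as_of),
        "BP": branch_protection(protected),
    }


if __name__ == "__main__":
    for name, value in collect_metrics(
        COMMITS, RELEASES, BRANCH_PROTECTED, datetime(2023, 3, 1)
    ).items():
        print(f"{name}: {value}")
```

Computed over the constructed data with a reference date of 2023-03-01, MC is 11.5 days, MU is 46 days, NC is 3, IP is 36 days (the gap between 10 January and 15 February), and BP is True. Read on their own these numbers say nothing about vulnerabilities; the paper's contribution is correlating such metrics with advisory counts across thousands of repositories.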

Original language: English
Title of host publication: Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 47-55
Number of pages: 9
ISBN (Electronic): 9798350324020
DOIs
Publication status: Published - 2023
Event: 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023 - Melbourne, Australia
Duration: 2023 May 15 to 2023 May 16

Publication series

Name: Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023

Conference

Conference: 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023
Country/Territory: Australia
City: Melbourne
Period: 23/5/15 to 23/5/16

Bibliographical note

Funding Information:
This work was supported by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government Ministry of Science and ICT (MSIT) (No.2022-0-00277, Development of SBOM Technologies for Securing Software Supply Chains, No.2022-0-01198, Convergence Security Core Talent Training Business, and IITP2023-2020-0-01819, ICT Creative Consilience program).

Publisher Copyright:
© 2023 IEEE.

Keywords

  • Open source
  • Software metrics
  • Software test automation

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Vision and Pattern Recognition
  • Software
  • Safety, Risk, Reliability and Quality
  • Control and Optimization
