Abstract
In modern software development, open-source software (OSS) plays a crucial role. Although some methods exist to verify the safety of OSS, current automation technologies fall short. To address this problem, we propose AutoMetric, an automatic technique for measuring security metrics for OSS at the repository level. Because AutoMetric collects only the repository addresses of the projects, many projects can be inspected simultaneously regardless of their size and scope. AutoMetric contains five metrics: Mean Time to Update (MU), Mean Time to Commit (MC), Number of Contributors (NC), Inactive Period (IP), and Branch Protection (BP). These metrics can be calculated quickly even when the source code changes. By comparing the AutoMetric metrics with 2,675 vulnerabilities reported in the GitHub Advisory Database (GAD), the results show that the more frequent the updates and commits and the shorter the inactive period, the more vulnerabilities were found.
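As an added illustration (not the paper's own tool or code), the following Python computes the five repository-level metrics named above from a constructed commit and release history. The exact definitions are assumptions, since the abstract does not spell them out: MU as the mean interval between releases, MC as the mean interval between commits, IP as the longest gap without a commit, NC as distinct authors, and BP as a boolean standing in for a branch-protection lookup.

```python
from datetime import datetime
from statistics import mean

# Constructed sample history for one hypothetical repository (not real project data):
# (author, ISO-8601 commit timestamp) pairs and release-tag timestamps.
COMMITS = [
    ("alice", "2023-01-02T00:00:00"),
    ("bob", "2023-01-05T00:00:00"),
    ("alice", "2023-01-06T00:00:00"),
    ("carol", "2023-02-20T00:00:00"),
    ("bob", "2023-02-21T00:00:00"),
]
RELEASES = ["2023-01-03T00:00:00", "2023-01-13T00:00:00", "2023-02-22T00:00:00"]
DEFAULT_BRANCH_PROTECTED = False  # stands in for a branch-protection API lookup

def _gaps_in_days(timestamps):
    # Consecutive intervals, in days, between chronologically sorted timestamps.
    ts = sorted(datetime.fromisoformat(t) for t in timestamps)
    return [(b - a).total_seconds() / 86400 for a, b in zip(ts, ts[1:])]

def mean_time_to_update(releases):
    # MU: mean interval between releases (assumed definition); None if fewer than 2 releases.
    gaps = _gaps_in_days(releases)
    return mean(gaps) if gaps else None

def mean_time_to_commit(commits):
    # MC: mean interval between commits (assumed definition); None if fewer than 2 commits.
    gaps = _gaps_in_days(t for _, t in commits)
    return mean(gaps) if gaps else None

def number_of_contributors(commits):
    # NC: count of distinct commit authors.
    return len({author for author, _ in commits})

def inactive_period(commits):
    # IP: longest stretch without any commit, in days (assumed definition).
    gaps = _gaps_in_days(t for _, t in commits)
    return max(gaps) if gaps else 0.0

def branch_protection(protected):
    # BP: whether the default branch has protection rules enabled.
    return bool(protected)

def automatic_metrics(commits, releases, protected):
    # Collect all five AutoMetric-style metrics for one repository.
    return {"MU": mean_time_to_update(releases), "MC": mean_time_to_commit(commits),
            "NC": number_of_contributors(commits), "IP": inactive_period(commits),
            "BP": branch_protection(protected)}
```

For the constructed history, `automatic_metrics(COMMITS, RELEASES, DEFAULT_BRANCH_PROTECTED)` yields MU 25.0 days, MC 12.5 days, NC 3, IP 45.0 days and BP False.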
Original language | English |
---|---|
Title of host publication | Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 47-55 |
Number of pages | 9 |
ISBN (Electronic) | 9798350324020 |
DOIs | |
Publication status | Published - 2023 |
Event | 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023, Melbourne, Australia |
Duration | 2023 May 15 → 2023 May 16 |
Publication series
Name | Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023 |
---|---|
Conference
Conference | 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023 |
---|---|
Country/Territory | Australia |
City | Melbourne |
Period | 23/5/15 → 23/5/16 |
Bibliographical note
Publisher Copyright: © 2023 IEEE.
Keywords
- Open source
- Software metrics
- Software test automation
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Vision and Pattern Recognition
- Software
- Safety, Risk, Reliability and Quality
- Control and Optimization