How security bugs are fixed and what can be improved: an empirical study with Mozilla

  • Xiaobing Sun
  • Xin Peng
  • Kai Zhang
  • Yang Liu
  • Yuanfang Cai



This work was supported partially by Natural Science Foundation of China (Grant Nos. 61872312, 61402396, 61611540347, 61472344), Jiangsu Qin Lan Project, China Postdoctoral Science Foundation (Grant No. 2015M571489), and Natural Science Foundation of Yangzhou City (Grant No. YZ2017113).



Copyright information

© Science China Press and Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Xiaobing Sun (1, 2, 3)
  • Xin Peng (1, 2)
  • Kai Zhang (1, 2)
  • Yang Liu (4)
  • Yuanfang Cai (5)

  1. School of Computer Science, Fudan University, Shanghai, China
  2. Shanghai Key Laboratory of Data Science, Fudan University, Shanghai, China
  3. School of Information Engineering, Yangzhou University, Yangzhou, China
  4. School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore
  5. Department of Computer Science, Drexel University, Philadelphia, USA