How security bugs are fixed and what can be improved: an empirical study with Mozilla

Acknowledgements

This work was supported partially by Natural Science Foundation of China (Grant Nos. 61872312, 61402396, 61611540347, 61472344), Jiangsu Qin Lan Project, China Postdoctoral Science Foundation (Grant No. 2015M571489), and Natural Science Foundation of Yangzhou City (Grant No. YZ2017113).

Author information

Correspondence to Xiaobing Sun.

Cite this article

Sun, X., Peng, X., Zhang, K. et al. How security bugs are fixed and what can be improved: an empirical study with Mozilla. Sci. China Inf. Sci. 62, 19102 (2019). https://doi.org/10.1007/s11432-017-9459-5
