References
Viega J, McGraw G. Building Secure Software: How to Avoid Security Problems the Right Way. 1st ed. London: Addison-Wesley, 2011
Cai Y, Jia C, Wu S, et al. ASN: a dynamic barrier-based approach to confirmation of deadlocks from warnings for large-scale multithreaded programs. IEEE Trans Parallel Distrib Syst, 2015, 26: 13–23
Cai Y, Chan W K. Magiclock: scalable detection of potential deadlocks in large-scale multithreaded programs. IEEE Trans Softw Eng, 2014, 40: 266–281
Shar L K, Tan H B K, Briand L C. Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis. In: Proceedings of the 35th International Conference on Software Engineering, San Francisco, 2013. 642–651
Felderer M, B¨uchler M, Johns M, et al. Chapter one - security testing: a survey. Adv Comput, 2016, 101: 1–51
Cai Y, Lu Q. Dynamic testing for deadlocks via constraints. IEEE Trans Softw Eng, 2016, 42: 825–842
Cai Y, Cao L. Fixing deadlocks via lock preacquisitions. In: Proceedings of the 38th International Conference on Software Engineering, Austin, 2016. 1109–1120
Wang L, Sun X, Wang J, et al. Construct bug knowledge graph for bug resolution: poster. In: Proceedings of IEEE/ACM International Conference on Software Engineering, 2017. 189–191
Zaman S, Adams B, Hassan A E. Security versus performance bugs: a case study on firefox. In: Proceedings of the 8th Working Conference on Mining Software Repositories, New York, 2011. 93–102
Acknowledgements
This work was supported partially by Natural Science Foundation of China (Grant Nos. 61872312, 61402396, 61611540347, 61472344), Jiangsu Qin Lan Project, China Postdoctoral Science Foundation (Grant No. 2015M571489), and Natural Science Foundation of Yangzhou City (Grant No. YZ2017113).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Sun, X., Peng, X., Zhang, K. et al. How security bugs are fixed and what can be improved: an empirical study with Mozilla. Sci. China Inf. Sci. 62, 19102 (2019). https://doi.org/10.1007/s11432-017-9459-5
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-017-9459-5