How security bugs are fixed and what can be improved: an empirical study with Mozilla

Acknowledgements

This work was supported partially by Natural Science Foundation of China (Grant Nos. 61872312, 61402396, 61611540347, 61472344), Jiangsu Qin Lan Project, China Postdoctoral Science Foundation (Grant No. 2015M571489), and Natural Science Foundation of Yangzhou City (Grant No. YZ2017113).

Author information

Corresponding author

Correspondence to Xiaobing Sun.

About this article

Cite this article

Sun, X., Peng, X., Zhang, K. et al. How security bugs are fixed and what can be improved: an empirical study with Mozilla. Sci. China Inf. Sci. 62, 19102 (2019). https://doi.org/10.1007/s11432-017-9459-5
