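% Conference paper (COMPSAC 2016) on correlating Java nano-patterns with
% security vulnerabilities. Cleaned up from a repository export:
%   - every author/editor name is in "Last, First" form without braces around
%     the given names, so styles can abbreviate each given name separately;
%   - the export's catch-all note (copyright line, event name, event dates) is
%     split into eventtitle / eventdate / copyright. Classic BibTeX styles
%     ignore these fields, so the copyright line no longer prints in the
%     bibliography; biblatex reads eventtitle and eventdate natively;
%   - eventdate is ISO 8601. The export wrote 10-06-2016 through 14-06-2016,
%     which must be DD-MM-YYYY because 14 cannot be a month.
% NOTE(review): "Zhang, Zhiyong" appears twice in the exported editor list.
% Both occurrences are kept; confirm against the proceedings front matter
% before removing one.
% The citation key is the exporter's hash and is left unchanged so existing
% \cite commands keep resolving.
@inproceedings{99265c2ede8e46eb9ea18961e9cb7694,
  author     = {Sultana, Kazi Zakia and Deo, Ajay and Williams, Byron J.},
  title      = {A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities},
  booktitle  = {Proceedings - 2016 {IEEE} 40th Annual Computer Software and Applications Conference, {COMPSAC} 2016},
  editor     = {Claycomb, William and Milojicic, Dejan and Liu, Ling and Matskin, Mihhail and Zhang, Zhiyong and Reisman, Sorel and Sato, Hiroyuki and Zhang, Zhiyong and Ahamed, Sheikh Iqbal},
  series     = {Proceedings - International Computer Software and Applications Conference},
  publisher  = {IEEE Computer Society},
  pages      = {257--262},
  year       = {2016},
  month      = aug,
  day        = {24},
  doi        = {10.1109/COMPSAC.2016.34},
  language   = {English},
  keywords   = {nano patterns, software vulnerabilities, traceable patterns},
  abstract   = {Software security plays a significant role in ensuring software quality. The goal of this study is to conduct a preliminary analysis to find hidden relationships between source code patterns and security defects. We describe a study in which we focus on evaluating software security using nano-patterns to reduce security risks during the development lifecycle. Nano-patterns are simple properties of Java methods. In our research, we investigate the correlation between software vulnerabilities and nano-patterns using data mining techniques. Identifying these relationships can assist developers to quickly assess the likelihood that they are writing vulnerable code and recommend tests to uncover the vulnerability. The goal of this research is to reduce the amount of vulnerable code developers write. We successfully apply data mining techniques to identify vulnerable code characteristics and apply hypothesis testing to validate the findings. This preliminary study shows that certain nano-patterns localReader, jdkClient, tailCaller are significantly present in vulnerable methods. These findings can be used to recommend security test patterns to improve vulnerability testing and reduce the number of vulnerabilities in released code.},
  eventtitle = {2016 {IEEE} 40th Annual Computer Software and Applications Conference, {COMPSAC} 2016},
  eventdate  = {2016-06-10/2016-06-14},
  copyright  = {{\textcopyright} 2016 IEEE},
}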