Analyzing and Assessing the Security-Related Defects

The use of the Internet has become an integral part of everyone's life. Due to this, the introduction of virus and other malicious crackers is increasing everyday. This in turn leads to the introduction of defects which adversely affect the security. Thus, protecting vital information in this cyber world is not an easy task. We need to deal with security related defects to ensure failure free and smooth functioning of the software. Thus, in this paper, we intend to study and analyze various aspects of security-related defects by analyzing the defect reports available in various open-source software repositories. Besides this, prediction models can also be constructed which can be used by researchers and practitioners to predict various aspects of security -related defects. Such prediction models are especially beneficial for large-scale systems, where testing experts need to focus their attention and resources to the problem areas of the system under development. Thus, application of software prediction models in the early phases of the software life cycle contributes to efficient defect removal and results in delivering more reliable and better quality software products. Empirical studies lack the use of proper research methodology and thus result in reporting inconsistent results. This study will review the sequence of steps followed in the research process for carrying empirical and replicated studies. The steps include a) literature survey and definition of variables b) data collection c) report findings using statistical and machine learning techniques d) analyzing performance measures for evaluating the performance of the predicted models and e) interpretation of the obtained results for developing a software prediction model. These steps are explained with the help of experimental public domain data set. In addition, the paper provides an overview of repositories for mining software engineering data, tools for analyzing this data and various categories of machine learning methods. It also discusses existing research avenues and provides future research directions in this area.