
Security and Quality: Two Sides of the Same Coin?

Arzt, Steven

Nguyen Quang Do, L.; Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Programming Languages -SIGPLAN-:
SOAP 2021, 10th ACM SIGPLAN International Workshop on the State of the Art in Program Analysis. Proceedings : June 22, 2021, Virtual, Canada, co-located with PLDI 2021
New York: ACM, 2021
ISBN: 978-1-4503-8468-1
International Workshop on the State Of the Art in Program Analysis (SOAP) <10, 2021, Online>
International Conference on Programming Language Design and Implementation (PLDI) <42, 2021, Online>
Conference Paper
Fraunhofer SIT

Poor software quality may hinder future extensions to software code. In contrast to functional bugs, such hidden issues are not immediately visible to developers and users, and the software may still be fully usable. Consequently, developers are not forced to fix these issues, or even to investigate them. Security vulnerabilities are hidden issues as well. However, they can put systems and users’ data at risk and lead to financial losses as well as liability and fines under data protection acts. Therefore, from a risk minimization perspective, avoiding security issues may seem more critical than avoiding quality issues when development resources are limited.
In this paper, we show that both types of hidden issues are correlated. Our study of more than 400 real-world Android apps shows that apps with a high number of quality issues are likely to also have a higher number of security vulnerabilities. We argue that security and quality issues should be seen as two sides of the same coin. We investigate which types of quality problems correlate with which types of security issues and give insights into potential causes.