Introduction
The main cause of security problems in software systems is the presence of software vulnerabilities. Shirey (2000) defined a software vulnerability as a flaw or shortcoming in the software design or implementation process that can lead to a breakdown of the security of the system. Ozment (2007) defines a vulnerability as an instance of a mistake in the specification, development, or implementation phase of the software such that its execution can violate the security policy of the software. Developers use a wide range of tools to ensure the security of software, but because of the complex nature of the software manufacturing process some faults may still remain. The study of software vulnerabilities can be broadly categorized into (a) software vulnerability analysis and (b) software vulnerability discovery (Chunguang, Qing & Hua, 2006). Vulnerability analysis targets already discovered vulnerabilities and their characteristics, such as their causes and effects. In addition, it focuses on the features of the vulnerability discovery process that guide the detection of new vulnerabilities. Software vulnerability discovery techniques, on the other hand, focus on finding instances of already known vulnerability types that may have remained undiscovered during the software development phase.
Software vulnerability discovery techniques are divided into two categories: static analysis and dynamic analysis. Static code analysis focuses primarily on the source code. Most static analyzers work on the principle of pattern matching: they examine the source code against a number of well-known vulnerability patterns. This technique looks simple, but in practice it is complex, as each vulnerability detection method is limited to a single language. Most static analyzer methods, such as ITS4 (Viega et al., 2001), RATS (Fatima, Bibi & Hanif, 2018) and FlawFinder (Dwheeler, 2000), are based on lexical analysis: the source code is first pre-processed and split into tokens, and these tokens are then matched against a library of vulnerable constructs. These methods are limited to syntactic rather than semantic analysis, because they only match patterns in the token stream without understanding the meaning or logic of the code; still, they are better than string-matching techniques of vulnerability analysis. Dynamic analysis methods of vulnerability discovery are applied directly to the object code of the software. This type of analysis involves actually running the software (Aggarwal & Jalote, 2006). Dynamic analyzers generate fewer false positives than static analyzers. Purify (Yih-Farn, David & Kiem-Phong, 1994) and STOBO (Haugh & Bishop, 2003) are examples of dynamic analyzers. These analyzers face run-time overhead problems and require large numbers of test cases to detect security flaws. Both techniques have advantages and disadvantages; we focus primarily on static analysis because we aim to eliminate vulnerabilities at the earliest stages in order to reduce the cost of the software.
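As an added illustration (not code from this paper or from any of the tools cited above), the following Python sketch shows the lexical approach just described: the C source is pre-processed into tokens, identifiers directly followed by "(" are matched against a small rule table of vulnerable constructs, and the syntax-only limitation shows up as a false positive on a safe fixed-size copy. The rule table and the sample C input are constructed for this example.

```python
import re

# Constructed rule table in the style of the lexical checkers discussed above
# (hypothetical entries, not the real rule database of ITS4, RATS or FlawFinder).
RISKY_CALLS = {
    "gets": "unbounded read into a fixed buffer",
    "strcpy": "copy without a destination length",
}

# Pre-processing step: split C source into comments, strings, identifiers,
# whitespace and single punctuation characters.
TOKEN_RE = re.compile(r'''
    (?P<comment>//[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*")
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<space>\s+)
  | (?P<other>\S)
''', re.VERBOSE | re.DOTALL)

def tokenize(src):
    """Return (kind, text, line) tokens; comments and whitespace are dropped."""
    tokens, line = [], 1
    for m in TOKEN_RE.finditer(src):
        if m.lastgroup not in ("comment", "space"):
            tokens.append((m.lastgroup, m.group(), line))
        line += m.group().count("\n")
    return tokens

def scan(src):
    """Flag identifier tokens in RISKY_CALLS that are directly followed by '('."""
    tokens = tokenize(src)
    findings = []
    for i, (kind, text, line) in enumerate(tokens[:-1]):
        if kind == "ident" and text in RISKY_CALLS and tokens[i + 1][1] == "(":
            findings.append((line, text, RISKY_CALLS[text]))
    return findings

# Constructed sample input: line 4 is a real finding, line 6 a false positive that
# only semantic analysis could rule out; 'gets' in the comment and string is never matched.
SAMPLE = """\
#include <string.h>
/* gets(line) appears only in this comment */
int copy(char *dst, const char *src) {
    strcpy(dst, src);
    char buf[8];
    strcpy(buf, "hi");
    puts("call gets() here");
}"""
for line, name, why in scan(SAMPLE):
    print(f"line {line}: {name}(): {why}")
```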
Once vulnerabilities remain undetected at the earlier stages, they become hard to remove after the software has been implemented, for two main reasons: (a) the need to alter complex code and (b) the cost associated with detecting and removing the vulnerabilities.
The purpose of this study is to examine the source code of OSS projects. It explores answers to the following research questions.