A Novel Approach to Determine Software Security Level using Bayes Classifier via Static Code Metrics

Guncel Sarıman,Ecir Ugur Kucuksille

doi:10.5755/j01.eie.22.2.12177

Abstract

Technological developments are increasing day by day and software products are growing in an uncontrolled way. This leads to the development of applications which do not comply with principles of design. Software which has not passed security testing may put the end user into danger. During the processes of error detection and verification of developed software, static and dynamic analysis may be used. Static code analysis provides analysis in different categories while coding without code compile. Source code metrics are also within these categories. Code metrics evaluate software quality, level of risk, and interchangeability by analysing software based on those metrics. In this study, we will describe our web-based application which is developed to determine the level of security in software. In this scope, software's metric calculation method will be explained. The scoring system we used to determine the security level calculation will be explained, taking into account metric thresholds that are acceptable in the literature. Bayes Classifier Method, distinguishing risks in the project files with the analysis of uploaded sample software files, will be described. Finally, objectives of this analysis method and planned activities will be explained. DOI: http://dx.doi.org/10.5755/j01.eie.22.2.12177

Highlights

Important number of lines of code in a software development process significantly affects maintenance and sustainability of a project
If E is accepted as the number of edges of the graph and if N is accepted as the number of nodes, Cyclomatic Complexity can be calculated using the formula in (1) [24]
Software quality and security categorization are measured at every stage of development with the developed software and the proposed method

Summary

Introduction

Important number of lines of code in a software development process significantly affects maintenance and sustainability of a project. In a code developing process, carelessness and incorrect coding can make software unusable. Software developers aim to develop code quickly and in order to release more products, but there is an important dimension that they forget to take into consideration; security of their application and code of developed software. For this reason, developed software should be secure with desired requirements.

Objectives

Methods

Results

Conclusion