Abstract
Security vulnerabilities are present in most software systems, especially in projects with a large codebase, with several versions over the years, developed by many developers. Issues with memory management, in particular buffer overflow, are among the most frequently exploited vulnerabilities in software systems developed in C/C++. Nevertheless, most buffer overflow vulnerabilities are not detectable by vulnerability detection tools and static analysis tools (SATs). To improve vulnerability detection, we need to better understand the characteristics of such vulnerabilities and their root causes. In this study, we analyze 159 vulnerable code units from three representative projects (i.e., Linux Kernel, Mozilla, and Xen). First, the vulnerable code is characterized using the Orthogonal Defect Classification (ODC), showing that most buffer overflow vulnerabilities are related to missing or incorrect checking (e.g., missing if construct around statement or incorrect logical expression used as branch condition). Then, we run two widely used C/C++ Static Analysis Tools (SATs) (i.e., CppCheck and Flawfinder) on the vulnerable and neutral (after the vulnerability fix) versions of each code unit, showing the low effectiveness of this type of tool in detecting buffer overflow vulnerabilities. Finally, we characterize the vulnerable and neutral versions of each code unit using software metrics, demonstrating that, although such metrics are frequently used as indicators of software quality, there is no clear correlation between them and the existence of buffer overflow in the code. As a result, we highlight a set of observations that should be considered to improve the detection of buffer overflow vulnerabilities.
Highlights
Most computing systems suffer from software vulnerabilities, a particular type of defect that may open the door to security attacks [1]
Since 2020 we have witnessed a steep increase in the relevance of software security due to the COVID-19 pandemic, as most businesses and organizations have to be available over the Internet to support online working and services more than ever [2]
A White Source report states that C and C++ account for 52% of vulnerabilities in open source software (C = 46%; C++ = 6%) [4]
Summary
Most computing systems suffer from software vulnerabilities, a particular type of defect that may open the door to security attacks [1]. SMs can be analyzed using techniques such as Machine Learning (ML) [9]–[11] and genetic algorithms [12] to identify potentially vulnerable code units (e.g., files, functions, and classes that probably are vulnerable) In this case, the software development team should review, analyze (e.g., using SATs), and/or test the indicated code units to find and fix the possible vulnerabilities. The software development team should review, analyze (e.g., using SATs), and/or test the indicated code units to find and fix the possible vulnerabilities Both SATs and SMs have limitations in what regards the detection of software vulnerabilities.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
