ICST.Table 1: Difference between revisions
Programsam (talk | contribs) No edit summary |
Programsam (talk | contribs) No edit summary |
||
| Line 30: | Line 30: | ||
| True (Logistic Regression, p<0.05) | | True (Logistic Regression, p<0.05) | ||
|- | |- | ||
| '''H2.''' The more hotspots a file contains, the more times that file was changed due to any kind of vulnerability (not just input validation vulnerabilities). | |||
| True (Simple Linear Regression, p<0.0001, Adjusted R2 = 0.4208) | |||
| True (Simple Linear Regression, p<0.0001, Adjusted R2 = 0.3802) | |||
|- | |||
|colspan="3" style="background: #eeeeee" | Hypotheses about issue reports | |||
|- | |||
|} | |} | ||
Revision as of 22:25, 24 August 2013
| | WordPress | WikkaWiki |
|---|---|---|
| Releases Analysed | Nine | Six |
| Security issue reports analyzed | 97 | 61 |
| Vulnerable files (over project's history) | 26% (85 / 326) | 29% (44 / 209) |
| Average number of hotspots (over project's history) | 255 | 92 |
| Average percent of files having at least one hotspot | 14.2% | 8.42% |
| Hypotheses about files | | |
| H1. The more hotspots a file contains per line of code, the more likely it is that the file contains any web application vulnerability. | True (Logistic Regression, p<0.05) | True (Logistic Regression, p<0.05) |
| H2. The more hotspots a file contains, the more times that file was changed due to any kind of vulnerability (not just input validation vulnerabilities). | True (Simple Linear Regression, p<0.0001, Adjusted R² = 0.4208) | True (Simple Linear Regression, p<0.0001, Adjusted R² = 0.3802) |
| Hypotheses about issue reports | | |