{"id":"https://openalex.org/W4399667987","doi":"https://doi.org/10.1145/3661167.3661279","title":"An Empirical Investigation of the Security Weaknesses in Open-Source Projects","display_name":"An Empirical Investigation of the Security Weaknesses in Open-Source Projects","publication_year":2024,"publication_date":"2024-06-14","ids":{"openalex":"https://openalex.org/W4399667987","doi":"https://doi.org/10.1145/3661167.3661279"},"language":"en","primary_location":{"id":"doi:10.1145/3661167.3661279","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3661167.3661279","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063519333","display_name":"Haifa Al\u2010Shammare","orcid":"https://orcid.org/0009-0007-1522-1147"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Haifa Al-Shammare","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia and \rDigital Technical College for Girls, Technical and Vocational Training Corporation, Saudi Arabia"],"raw_orcid":"https://orcid.org/0009-0007-1522-1147","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia and \rDigital Technical College for Girls, Technical and Vocational Training Corporation, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037113455","display_name":"Nehal Al-Otaiby","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]},{"id":"https://openalex.org/I76571253","display_name":"Imam Abdulrahman Bin Faisal University","ror":"https://ror.org/038cy8j79","country_code":"SA","type":"education","lineage":["https://openalex.org/I76571253"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Nehal Al-Otaiby","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia and \rComputer Department, Deanship of Preparatory Year and Supporting Studies, Imam Abdulrahman Bin Faisal University, Saudi Arabia"],"raw_orcid":"https://orcid.org/0009-0003-6731-6245","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia and \rComputer Department, Deanship of Preparatory Year and Supporting Studies, Imam Abdulrahman Bin Faisal University, Saudi Arabia","institution_ids":["https://openalex.org/I76571253","https://openalex.org/I134085113"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5099127781","display_name":"Muradi Al-Otabi","orcid":null},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Muradi Al-Otabi","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia"],"raw_orcid":"https://orcid.org/0009-0007-3148-0077","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014589730","display_name":"Mohammad Alshayeb","orcid":"https://orcid.org/0000-0001-7950-0099"},"institutions":[{"id":"https://openalex.org/I134085113","display_name":"King Fahd University of Petroleum and Minerals","ror":"https://ror.org/03yez3163","country_code":"SA","type":"education","lineage":["https://openalex.org/I134085113"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Mohammad Alshayeb","raw_affiliation_strings":["Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia"],"raw_orcid":"https://orcid.org/0000-0001-7950-0099","affiliations":[{"raw_affiliation_string":"Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia","institution_ids":["https://openalex.org/I134085113"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.3791,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.84780659,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"634","last_page":"642"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.9921000003814697,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/open-source","display_name":"Open source","score":0.6356616020202637},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6131442785263062},{"id":"https://openalex.org/keywords/strengths-and-weaknesses","display_name":"Strengths and weaknesses","score":0.44065025448799133},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4183666706085205},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1238429844379425},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.0980108380317688}],"concepts":[{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.6356616020202637},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6131442785263062},{"id":"https://openalex.org/C63882131","wikidata":"https://www.wikidata.org/wiki/Q17122954","display_name":"Strengths and weaknesses","level":2,"score":0.44065025448799133},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4183666706085205},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1238429844379425},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0980108380317688},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3661167.3661279","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3661167.3661279","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4399999976158142,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W2528259852","https://openalex.org/W2740279154","https://openalex.org/W2789660410","https://openalex.org/W2793876926","https://openalex.org/W2900690747","https://openalex.org/W2924601626","https://openalex.org/W2961767254","https://openalex.org/W2968738488","https://openalex.org/W2976928731","https://openalex.org/W2988502170","https://openalex.org/W3006613871","https://openalex.org/W3027636930","https://openalex.org/W3085545669","https://openalex.org/W3098684777","https://openalex.org/W3132910239","https://openalex.org/W3148356943","https://openalex.org/W3159300567","https://openalex.org/W3163146719","https://openalex.org/W3168029892","https://openalex.org/W3194321204","https://openalex.org/W3205186298","https://openalex.org/W4383898619","https://openalex.org/W4389195248","https://openalex.org/W4392186376"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W4295769391","https://openalex.org/W2972220648","https://openalex.org/W2332667808","https://openalex.org/W1997921863","https://openalex.org/W3112960490","https://openalex.org/W2390279801","https://openalex.org/W93605524","https://openalex.org/W2358668433"],"abstract_inverted_index":{"With":[0],"the":[1,6,40,70,95,100,149,152,163,178,195,204],"increase":[2],"of":[3,8,102,127,148,154,165],"code":[4,206],"reuse,":[5],"possibility":[7],"security":[9,25],"vulnerabilities":[10,191],"increases.":[11],"Thus,":[12],"tools":[13],"for":[14,83,180],"static":[15],"analysis":[16],"are":[17,134,156],"widely":[18],"used":[19,67],"to":[20,30,68,99,119,158,202],"evaluate":[21],"open-source":[22,45,89,184],"projects":[23,53,117],"against":[24],"vulnerabilities.":[26],"This":[27],"research":[28],"aims":[29],"empirically":[31],"study":[32,79],"common":[33,71,125],"weakness":[34],"types":[35,126],"(CWEs),":[36],"their":[37],"frequencies,":[38],"and":[39,44,57,62,85,105,144,151,170],"correlations":[41],"between":[42],"them":[43],"project":[46,90,150],"characteristics.":[47],"The":[48,64,123,146],"PVS-Studio":[49],"tool":[50,65],"analyzed":[51],"150":[52],"hosted":[54],"on":[55,112],"GitHub":[56],"written":[58],"in":[59,74,88,130],"C#,":[60],"C++,":[61],"Java.":[63],"was":[66],"investigate":[69],"weaknesses":[72,128],"found":[73,157],"these":[75,103,113,131],"projects.":[76,211],"Furthermore,":[77],"our":[78,106],"has":[80],"practical":[81],"implications":[82],"developers":[84],"researchers":[86],"interested":[87],"security.":[91,197],"We":[92],"have":[93,109,120,172,189],"identified":[94],"factors":[96],"that":[97,192],"contribute":[98],"presence":[101],"weaknesses,":[104,167],"statistical":[107],"analyses":[108],"shed":[110],"light":[111],"factors.":[114],"Notably,":[115],"C++":[116],"tend":[118],"more":[121],"weaknesses.":[122],"most":[124],"detected":[129,166],"programming":[132],"languages":[133],"CWE-571,":[135],"570,":[136],"690,":[137],"682,":[138],"476,":[139],"628,":[140],"563,":[141],"691,":[142],"704,":[143],"393.":[145],"age":[147],"number":[153,164],"commits":[155],"be":[159],"positively":[160],"correlated":[161],"with":[162],"while":[168],"stars":[169],"forks":[171],"little":[173],"impact.":[174],"These":[175],"findings":[176],"highlight":[177],"need":[179],"caution":[181],"when":[182],"using":[183],"code,":[185],"as":[186],"it":[187,199,209],"can":[188,193],"several":[190],"compromise":[194],"software's":[196],"Therefore,":[198],"is":[200],"crucial":[201],"scan":[203],"third-party":[205],"before":[207],"incorporating":[208],"into":[210]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}