Previous Work

Here are some of the papers I have reviewed. More to come soon.

Failure-prone components are also attack-prone components.

In this paper the author analyses two large commercial systems, finding empirical evidence of strong correlation between non-security failures and security failures. http://dl.acm.org/citation.cfm?doid=1449814.1449907

Dismal Code: Studying the Evolution of Security Bugs:

In this paper the authors use static analysis to identify security bugs and perform longitudinal analyses on different aspects (number of security bugs, bug persistence, project size and relation with other types of bugs). https://www.usenix.org/system/files/conference/laser2013/2013-laser-mitropoulos.pdf

-Felivel.