A comprehensive study on security bug characteristics

Abstract

Security bugs can catastrophically impact our increasingly digital lives. Designing effective tools for detecting and fixing software security bugs requires a deep understanding of security bug characteristics. In this paper, we conducted a comprehensive study on security bugs and proposed the classification criteria for security bug category, that is, root cause, consequence, and location. In addition, we selected 1076 bug reports from five projects (i.e., Apache Tomcat, Apache HTTP Server, Mozilla Firefox, Linux Kernel, and Eclipse) in the NVD for investigation. Finally, we investigated the correlation between the classification results and obtained some findings: (1) memory operation is the most common security bug; (2) the primary root causes of security bugs are CON (Configuration Error), INP (Input Validation Error), and MEM (Memory Error); (3) the severity of more than 40% of security bugs is high; (4) security bugs caused by INP mainly occur on the web; and (5) security bugs caused by LOG (Logic Resource Error) usually lead to DoS (Denial of Service). We discussed these findings through data analysis, which can also help developers better understand the characteristics of security bugs.
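Findings (3) to (5) in the abstract are frequencies and conditional frequencies over the three classification dimensions (root cause, consequence, location) plus severity. As an added example, not code from the paper or its authors, the following Python shows how such a cross-tabulation and the conditional shares behind claims like "INP bugs mainly occur on the web" are computed. The records are a small constructed sample, not the paper's 1076 NVD reports; the codes CON, INP, MEM, LOG, DoS and the "web" location come from the abstract, while the other codes and the field names are assumptions made for the illustration, so the numbers it produces are not the paper's results.

```python
from collections import Counter, defaultdict

# Constructed sample records (NOT the paper's 1076 NVD reports). Each record
# carries the three classification dimensions named in the abstract
# (root cause, consequence, location) plus a severity label. The codes
# CON, INP, MEM, LOG, DoS and the "web" location are taken from the
# abstract; the other codes (RCE, info_leak, priv_esc, kernel, browser)
# and the field names are assumptions made for this illustration.
SAMPLE_BUGS = [
    {"id": "b01", "root_cause": "INP", "consequence": "RCE",       "location": "web",     "severity": "high"},
    {"id": "b02", "root_cause": "INP", "consequence": "info_leak", "location": "web",     "severity": "medium"},
    {"id": "b03", "root_cause": "INP", "consequence": "RCE",       "location": "web",     "severity": "high"},
    {"id": "b04", "root_cause": "INP", "consequence": "DoS",       "location": "browser", "severity": "medium"},
    {"id": "b05", "root_cause": "MEM", "consequence": "RCE",       "location": "kernel",  "severity": "high"},
    {"id": "b06", "root_cause": "MEM", "consequence": "RCE",       "location": "browser", "severity": "high"},
    {"id": "b07", "root_cause": "MEM", "consequence": "DoS",       "location": "kernel",  "severity": "medium"},
    {"id": "b08", "root_cause": "LOG", "consequence": "DoS",       "location": "kernel",  "severity": "medium"},
    {"id": "b09", "root_cause": "LOG", "consequence": "DoS",       "location": "web",     "severity": "low"},
    {"id": "b10", "root_cause": "LOG", "consequence": "info_leak", "location": "browser", "severity": "low"},
    {"id": "b11", "root_cause": "CON", "consequence": "priv_esc",  "location": "web",     "severity": "high"},
    {"id": "b12", "root_cause": "CON", "consequence": "info_leak", "location": "web",     "severity": "medium"},
]


def contingency(records, row_field, col_field):
    """Cross-tabulate two categorical fields.

    Returns a dict mapping each row value to a Counter of column values,
    e.g. contingency(bugs, "root_cause", "consequence")["LOG"]["DoS"].
    """
    table = defaultdict(Counter)
    for rec in records:
        table[rec[row_field]][rec[col_field]] += 1
    return table


def share(records, field, value):
    """Fraction of records whose `field` equals `value` (0.0 for an empty input)."""
    if not records:
        return 0.0
    return sum(1 for rec in records if rec[field] == value) / len(records)


def conditional_share(records, given_field, given_value, target_field, target_value):
    """Fraction of records with given_field == given_value that also have
    target_field == target_value: the conditional frequency behind a claim
    such as "INP bugs mainly occur on the web". Returns 0.0 when no record
    satisfies the condition, so an unseen category never raises ZeroDivisionError."""
    subset = [rec for rec in records if rec[given_field] == given_value]
    return share(subset, target_field, target_value)


def most_common(records, field):
    """(value, count) of the most frequent value of `field`, or None if empty."""
    counts = Counter(rec[field] for rec in records)
    return counts.most_common(1)[0] if counts else None


def summarize(records):
    """Compute figures with the same shape as the abstract's findings (2)-(5)."""
    return {
        "top_root_cause": most_common(records, "root_cause"),
        "high_severity_share": share(records, "severity", "high"),
        "inp_on_web": conditional_share(records, "root_cause", "INP", "location", "web"),
        "log_to_dos": conditional_share(records, "root_cause", "LOG", "consequence", "DoS"),
    }


if __name__ == "__main__":
    for row, cols in contingency(SAMPLE_BUGS, "root_cause", "consequence").items():
        print(row, dict(cols))
    for name, val in summarize(SAMPLE_BUGS).items():
        print(f"{name}: {val}")
```

To run the same analysis on real data, load each NVD report into the same record shape; the only parts that change are the labelling of the three dimensions, which is the manual step the study itself describes. Note that `most_common` breaks ties by first insertion order, so on a real data set report the full counts rather than only the top category.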

Bibliographic record

  • Source
    Journal of software: evolution and process | 2021, Issue 10 | e2376.1-e2376.22 | 22 pages
  • Author affiliations

    School of Information Engineering, Yangzhou University, Yangzhou, China;

    School of Information Engineering, Yangzhou University, Yangzhou, China; State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China;

    School of Information Engineering, Yangzhou University, Yangzhou, China; State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China; Key Laboratory of Safety-Critical Software, Ministry of Industry and Information Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China;

    School of Information Engineering, Yangzhou University, Yangzhou, China;

    Faculty of Information Technology, Monash University, Melbourne, Australia;

    School of Information Engineering, Yangzhou University, Yangzhou, China;

  • Indexing information
  • Original format: PDF
  • Language: eng
  • CLC classification
  • Keywords

    bug characteristics; empirical study; security bugs;

