- Kristiina Rahkema
- James Walden
- David Reid
The goal of the project is to study vulnerability duration across projects. Since files are often copied across projects, vulnerable code can migrate from one project to another. However, vulnerability fixes may not propagate to all projects where the vulnerable code was copied. We are studying how long it takes for the same vulnerable code to fixed across multiple projects.
We also want to examine the causes for different vulnerability durations. We expect that project resources, programming language, and vulnerability type will affect vulnerability duration. While project resources are difficult to measure directly, we can use related metrics, such as popularity as measured by GitHub stars, popularity as measured by how widely the project is imported by other projects, and the number of contributing authors.
data:Directory contains data files.Data analysis.ipynb:Jupyter notebook for analysis of preliminary data.DataMatching.pdf: Diagram of WoC data relationships used in project.Process.md: Process for data gathering.kjd_project_summary.md: Summary of project work during the MSR 2022 WoC hackathon.