Poster Type: Research Posters
Author: Samiha Shimmi (Northern Illinois University), Nicholas Synovic (Loyola University Chicago), Mona Rahimi (Northern Illinois University), George Thiruvathukal (Loyola University Chicago)
Abstract: There is growing interest in securing scientific software, which underpins research results and often transitions into commercial systems. While source code metrics provide useful indicators of vulnerabilities, software engineering process (SEP) metrics can uncover the development patterns that lead to their introduction. Few studies have explored whether SEP metrics can reveal risky development activities over time, the kind of insight that vulnerability prediction depends on.
This work highlights the critical role of SEP metrics in understanding and mitigating vulnerability reintroduction. We move beyond file-level prediction and analyze security fixes at the commit level, focusing on sequences of changes where vulnerabilities evolve and re-emerge. Our approach emphasizes that reintroduction is rarely the result of one isolated action, but emerges from cumulative development activities and socio-technical conditions.
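To make the commit-level view concrete, the following is an added illustration (not the poster's code or data) of the kind of analysis the abstract describes: a security fix is located in the commit history, later commits that re-add a line the fix removed are flagged as reintroductions, and simple process metrics (commits, distinct authors, churn and elapsed time between fix and reintroduction) are computed over the intervening sequence. The five-commit history, the fix-keyword list and the metric names are all constructed assumptions for the example; a real run would build the `Commit` records from `git log -p`.

```python
"""Commit-level detection of security-fix reintroduction with process metrics.

Added illustration; not the poster's own code. The commit history below is
constructed inline so the example runs offline.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Set

# Assumed keyword heuristic for recognising a security fix from its message.
FIX_KEYWORDS = ("overflow", "bounds", "sanitize", "security", "injection", "cve")


@dataclass
class Commit:
    sha: str
    author: str
    when: datetime
    message: str
    added: Dict[str, Set[str]] = field(default_factory=dict)    # path -> lines added
    removed: Dict[str, Set[str]] = field(default_factory=dict)  # path -> lines removed

    def churn(self) -> int:
        """Lines added plus lines removed across all files in the commit."""
        return sum(len(s) for s in self.added.values()) + sum(len(s) for s in self.removed.values())


@dataclass
class Reintroduction:
    fix_sha: str
    reintro_sha: str
    path: str
    line: str
    metrics: Dict[str, object]


def is_security_fix(c: Commit) -> bool:
    msg = c.message.lower()
    return any(k in msg for k in FIX_KEYWORDS)


def norm(line: str) -> str:
    """Whitespace-normalise a source line so reformatting does not hide a match."""
    return " ".join(line.split())


def window_metrics(history: List[Commit], i: int, j: int, path: str) -> Dict[str, object]:
    """Process metrics over the commits after the fix (index i) up to and including
    the reintroducing commit (index j)."""
    window = history[i + 1:j + 1]
    return {
        "commits_between": len(window),
        "distinct_authors": len({c.author for c in window}),
        "churn": sum(c.churn() for c in window),
        "elapsed_days": (history[j].when - history[i].when).days,
        "same_author_as_fix": history[j].author == history[i].author,
        # How often the fixed file was touched before the line came back.
        "fix_file_touched_before_reintro": sum(
            1 for c in window[:-1] if path in c.added or path in c.removed),
    }


def find_reintroductions(history: List[Commit]) -> List[Reintroduction]:
    """For every security fix, report the first later commit that re-adds a line
    the fix removed in the same file, with metrics over the sequence between."""
    history = sorted(history, key=lambda c: c.when)
    events: List[Reintroduction] = []
    for i, fix in enumerate(history):
        if not is_security_fix(fix):
            continue
        for path, lines in fix.removed.items():
            for line in lines:
                key = norm(line)
                for j in range(i + 1, len(history)):
                    later_added = {norm(l) for l in history[j].added.get(path, ())}
                    if key in later_added:
                        events.append(Reintroduction(
                            fix.sha, history[j].sha, path, key, window_metrics(history, i, j, path)))
                        break  # first reintroduction of this line is enough
    return events


# Constructed history: c2 fixes an unbounded copy, c4 "simplifies" it back.
HISTORY = [
    Commit("c1", "alice", datetime(2024, 1, 1), "parser: initial input handling",
           added={"parse.c": {"strcpy(buf, input);"}}),
    Commit("c2", "bob", datetime(2024, 1, 5), "parser: add bounds check to input copy (overflow)",
           added={"parse.c": {"strncpy(buf, input, sizeof buf - 1);", "buf[sizeof buf - 1] = 0;"}},
           removed={"parse.c": {"strcpy(buf, input);"}}),
    Commit("c3", "carol", datetime(2024, 1, 9), "util: tidy logging",
           added={"util.c": {"log_init();"}}, removed={"util.c": {"init_log();"}}),
    Commit("c4", "dave", datetime(2024, 1, 15), "parser: simplify copy path",
           added={"parse.c": {"strcpy(buf, input);"}},
           removed={"parse.c": {"strncpy(buf, input, sizeof buf - 1);", "buf[sizeof buf - 1] = 0;"}}),
    Commit("c5", "alice", datetime(2024, 1, 20), "tests: add parser fixture",
           added={"test_parse.c": {"run_parser_tests();"}}),
]


def report(history: List[Commit]) -> List[str]:
    return [f"{e.path}: fix {e.fix_sha} undone by {e.reintro_sha} ({e.line!r}) metrics={e.metrics}"
            for e in find_reintroductions(history)]


if __name__ == "__main__":
    for line in report(HISTORY):
        print(line)
```

The point the example makes is the one the abstract argues: the reintroduction in `c4` is not explained by that commit alone. The metrics over the sequence show a different author than the fixer, an intervening commit, and ten days of elapsed time, which is the socio-technical context a process-metric model would learn from; a file-level snapshot of `parse.c` would only see the final vulnerable state.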
Best Poster Finalist (BP): no
Poster: PDF
Poster Summary: PDF