What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study
Authors:
Nicolás E. Díaz Ferreyra,
Mojtaba Shahin,
Mansooreh Zahedi,
Sodiq Quadri,
Ricardo Scandariato
Abstract:
Self-Admitted Technical Debt (SATD) encompasses a wide array of sub-optimal design and implementation choices reported in software artefacts (e.g., code comments and commit messages) by developers themselves. Such reports have been central to the study of software maintenance and evolution over the last decades. However, they can also be deemed as dreadful sources of information on potentially exploitable vulnerabilities and security flaws. This work investigates the security implications of SATD from a technical and developer-centred perspective. On the one hand, it analyses whether security pointers disclosed inside SATD sources can be used to characterise vulnerabilities in Open-Source Software (OSS) projects and repositories. On the other hand, it delves into developers' perspectives regarding the motivations behind this practice, its prevalence, and its potential negative consequences. We followed a mixed-methods approach consisting of (i) the analysis of a preexisting dataset containing 8,812 SATD instances and (ii) an online survey with 222 OSS practitioners. We gathered 201 SATD instances through the dataset analysis and mapped them to different Common Weakness Enumeration (CWE) identifiers. Overall, 25 different types of CWEs were spotted across commit messages, pull requests, code comments, and issue sections, from which 8 appear among MITRE's Top-25 most dangerous ones. The survey shows that software practitioners often place security pointers across SATD artefacts to promote a security culture among their peers and help them spot flaky code sections, among other motives. However, they also consider such a practice risky as it may facilitate vulnerability exploits. Our findings suggest that preserving the contextual integrity of security pointers disseminated across SATD artefacts is critical to safeguard both commercial and OSS solutions against zero-day attacks.
Submitted 2 March, 2024; v1 submitted 23 January, 2024;
originally announced January 2024.
Deep Learning for Apple Diseases: Classification and Identification
Authors:
Asif Iqbal Khan,
SMK Quadri,
Saba Banday
Abstract:
Diseases and pests cause huge economic loss to the apple industry every year. The identification of various apple diseases is challenging for farmers, as the symptoms produced by different diseases may be very similar and may be present simultaneously. This paper is an attempt to provide timely and accurate detection and identification of apple diseases. In this study, we propose a deep learning-based approach for the identification and classification of apple diseases. The first part of the study is dataset creation, which includes data collection and data labelling. Next, we train a Convolutional Neural Network (CNN) model on the prepared dataset for automatic classification of apple diseases. CNNs are end-to-end learning algorithms which perform automatic feature extraction and learn complex features directly from raw images, making them suitable for a wide variety of tasks such as image classification, object detection, and segmentation. We applied transfer learning to initialize the parameters of the proposed deep model. Data augmentation techniques such as rotation, translation, reflection and scaling were also applied to prevent overfitting. The proposed CNN model obtained encouraging results, reaching around 97.18% accuracy on our prepared dataset. The results validate that the proposed method is effective in classifying various types of apple diseases and can be used as a practical tool by farmers.
Submitted 6 July, 2020;
originally announced July 2020.