A Data-Mining Based Study of Security Vulnerability Types and Their Mitigation in Different Languages
Gábor Antal, Balázs Mosolygó, Norbert Vándor, Péter Hegedüs

TL;DR
This study analyzes security vulnerabilities across popular programming languages, revealing patterns, differences in issues and fixes, and variability in security practices among projects of similar sizes.
Contribution
It provides statistical insights into language-specific security issues and highlights the variability in vulnerabilities and solutions across different projects and languages.
Findings
Security issues vary across languages and projects.
Solutions to vulnerabilities differ significantly.
Project size does not predict security quality.
Abstract
The number of people accessing online services is increasing day by day, and with new users, comes a greater need for effective and responsive cyber-security. Our goal in this study was to find out if there are common patterns within the most widely used programming languages in terms of security issues and fixes. In this paper, we showcase some statistics based on the data we extracted for these languages. Analyzing the more popular ones, we found that the same security issues might appear differently in different languages, and as such the provided solutions may vary just as much. We also found that projects with similar sizes can produce extremely different results, and have different common weaknesses, even if they provide a solution to the same task. These statistics may not be entirely indicative of the projects' standards when it comes to security, but they provide a good…
Taxonomy
Topics: Spam and Phishing Detection
