A study examining relationships between micro patterns and security vulnerabilities

Kazi Zakia Sultana, Byron J. Williams, Tanmay Bhowmik

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


Software security is an integral part of software quality and reliability. Software vulnerabilities make the software susceptible to attacks which violates software security. Metric-based software vulnerability prediction is one way to evaluate vulnerabilities beforehand so that developers can take preventative measures against attacks. In this study, we explore the correlation between software vulnerabilities and code-level constructs called micro patterns. These code patterns characterize class-level object-oriented program features. Existing research addressed micro pattern correlation with software defects. We analyzed the correlation between vulnerabilities and micro patterns from different viewpoints and explored whether they are related. We studied the distribution of micro patterns and their associations with vulnerable classes in 42 versions of the Apache Tomcat and three Java web applications. This study shows that certain micro patterns are frequently present in vulnerable classes. We also show that there is a high correlation between certain patterns that coexist in a vulnerable class.

Original languageEnglish
Pages (from-to)5-41
Number of pages37
JournalSoftware Quality Journal
Issue number1
StatePublished - Mar 15 2019

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality


  • Micro patterns
  • Software quality
  • Software security
  • Software vulnerabilities


Dive into the research topics of 'A study examining relationships between micro patterns and security vulnerabilities'. Together they form a unique fingerprint.

Cite this