The research investigates the security implications of Self-Admitted Technical Debt (SATD), which includes sub-optimal design and implementation choices that developers make and acknowledge themselves. The study analyses whether security pointers disclosed in SATD can characterise vulnerabilities in Open-Source Software (OSS) projects and repositories, and it examines developers' views on the motivations, prevalence, and potential negative impacts of this practice. The results suggest that preserving the contextual integrity of security pointers disseminated across SATD artefacts is essential to safeguard both commercial and OSS solutions against zero-day attacks.
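As an added illustration of what "security pointers in SATD" look like in practice (this is example code written for this page, not the paper's tooling or methodology), the following Python scanner walks source lines, pulls out `#` / `//` comments, recognises common SATD markers and flags those whose wording points at a security concern. The marker list and the security vocabulary are assumptions chosen for the example; the paper's own classification criteria are not reproduced here. The sample source is constructed inline.

```python
"""Flag Self-Admitted Technical Debt (SATD) comments that carry security pointers.

Example code for this page; the SATD markers and security vocabulary below are
illustrative assumptions, not the paper's taxonomy.
"""
import re
from dataclasses import dataclass

# Markers developers commonly use to admit technical debt (assumed list).
SATD_MARKERS = ("TODO", "FIXME", "HACK", "XXX", "WORKAROUND")

# Security-related stems that turn a SATD comment into a "security pointer".
# Word boundaries keep e.g. "author" from matching "auth" (assumed list).
SECURITY_RE = re.compile(
    r"\b(secur\w*|vulnerab\w*|inject\w*|saniti[sz]\w*|escap\w*"
    r"|auth[nz]?\b|authenticat\w*|authori[sz]\w*|password\w*|secret\w*"
    r"|token\w*|crypt\w*|tls\b|ssl\b|overflow\w*|race\b|csrf\b|xss\b"
    r"|permission\w*|privilege\w*)",
    re.IGNORECASE,
)

# Trailing comment starting with '#' or '//'. Deliberately simple: it does not
# understand string literals, so a URL containing '//' would be picked up too.
COMMENT_RE = re.compile(r"(?://|#)\s*(.*)$")


@dataclass
class SatdFinding:
    line_no: int
    marker: str
    text: str
    security_terms: tuple  # matched security words; empty for plain SATD


def extract_comment(line):
    """Return the comment text of a source line, or None if it has none."""
    m = COMMENT_RE.search(line)
    return m.group(1).strip() if m else None


def classify_comment(text):
    """Return (SATD marker, matched security terms) for a comment string.

    The marker is None when the comment does not admit technical debt.
    """
    upper = text.upper()
    marker = next((m for m in SATD_MARKERS if m in upper), None)
    if marker is None:
        return None, ()
    terms = tuple(sorted({m.group(0).lower() for m in SECURITY_RE.finditer(text)}))
    return marker, terms


def scan_source(source):
    """Collect every SATD comment in `source`, with security terms if any."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        comment = extract_comment(line)
        if comment is None:
            continue
        marker, terms = classify_comment(comment)
        if marker is None:
            continue
        findings.append(SatdFinding(line_no, marker, comment, terms))
    return findings


def security_pointers(source):
    """Only the SATD comments that point at a security weakness."""
    return [f for f in scan_source(source) if f.security_terms]


# Constructed sample source for the example (not from any real project).
SAMPLE = """\
def login(user, pw):
    # TODO: passwords are compared in plaintext, hash them before release
    return user.pw == pw

def render(name):
    # FIXME: name is not escaped, possible XSS
    return "<h1>" + name + "</h1>"

def parse(data):
    # HACK: quick and dirty parser, refactor later
    return data.split(",")

x = 1  # unrelated comment
"""

if __name__ == "__main__":
    for f in security_pointers(SAMPLE):
        print(f"line {f.line_no}: [{f.marker}] {f.text}  -> {f.security_terms}")
```

Run on the constructed sample, the scanner reports three SATD comments in total but only two security pointers (the plaintext-password `TODO` and the unescaped-output `FIXME`); the `HACK` about the parser is ordinary debt. In a real review pipeline the interesting question is exactly the one the abstract raises: such comments describe a weakness precisely enough to help an attacker who reads the repository, so they deserve triage as findings rather than being left as free-text notes.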


Publication date: 25 Jan 2024
Project Page: https://doi.org/XXXXXXX.XXXXXXX
Paper: https://arxiv.org/pdf/2401.12768