Quantitative Security Characteristics of Perl Programs
Abstract
Program quality is usually characterized by the number of errors per 1000 lines of code. This parameter is calculated by statistical regression analysis of the error counts for successive code versions, followed by extrapolation into the future. The procedure is very tedious even for large companies, and ordinary users can hardly verify the estimate because they have no initial data. There are many methods for estimating the number of errors in code, e.g., the Shooman, Musa, Bell-LaPadula, Jelinski-Moranda, Schick-Wolverton, Mills, Lipov and Corcoran models, the Bernoulli simple intuitive software reliability model, and Nelson's software reliability model. However, we often deal with programs that formally have no errors but whose quality is nevertheless not evident. A method is proposed for quantitatively estimating the code quality of Perl routines. It can identify weaknesses in particular program components where errors are possible. The proposed method is based on analysis of programming style. It is applicable to any program with open source code (Python, Perl, PHP, etc.) and can be used to compare the quality of programs that solve similar tasks and to choose among them.

This work is licensed under a Creative Commons Attribution 4.0 International License.