Do bugs foreshadow vulnerabilities? An in-depth study of the chromium project

As developers face an ever-increasing pressure to engineer secure software, researchers are building an understanding of security-sensitive bugs (i.e. vulnerabilities). Research into mining software repositories has greatly increased our understanding of software quality via empirical study of bugs. Conceptually, however, vulnerabilities differ from bugs: they represent an abuse of functionality as opposed to insufficient functionality commonly associated with traditional, non-security bugs. We performed an in-depth analysis of the Chromium project to empirically examine the relationship between bugs and vulnerabilities. We mined 374,686 bugs and 703 post-release vulnerabilities over five Chromium releases that span six years of development. We used logistic regression analysis, ranking analysis, bug type classifications, developer experience, and vulnerability severity metrics to examine the overarching question: are bugs and vulnerabilities in the same files? While we found statistically significant correlations between pre-release bugs and post-release vulnerabilities, we found the association to be weak. Number of features, source lines of code, and pre-release security bugs are, in general, more closely associated with post-release vulnerabilities than any of our non-security bug categories. In further analysis, we examined sub-types of bugs, such as stability-related bugs, and the associations did not improve. Even the files with the most severe vulnerabilities (by measure of CVSS or bounty payouts) did not show strong correlations with number of bugs. These results indicate that bugs and vulnerabilities are empirically dissimilar groups, motivating the need for security engineering research to target vulnerabilities specifically.     

Realizing quality improvement through test driven development: results and experiences of four industrial teams

Test-driven development (TDD) is a software development practice that has been used sporadically for decades. With this practice, a software engineer cycles minute-by-minute between writing failing unit tests and writing implementation code to pass those tests. Test-driven development has recently re-emerged as a critical enabling practice of agile software development methodologies. However, little empirical evidence supports or refutes the utility of this practice in an industrial context. Case studies were conducted with three development teams at Microsoft and one at IBM that have adopted TDD. The results of the case studies indicate that the pre-release defect density of the four products decreased between 40% and 90% relative to similar projects that did not use the TDD practice. Subjectively, the teams experienced a 15–35% increase in initial development time after adopting TDD.

Polynorbornene/fluorosilica hybrids for hydrophobic and oleophobic coatings

Polynorbornene dicarboxylic anhydride (PNA)/fluorosilica hybrid coating materials with good hydrophobicity, oleophobicity, transparency, thermal stability, and hardness were synthesised using a sol–gel method. The surface structure, transparency, hydrophobicity, oleophobicity, and surface free energy of the coating could be controlled by adjusting the fluorosilane ratio. The maximum static water and oil contact angles of films were 112° and 87°, respectively. The PNA/fluorosilica hybrid films exhibited good transparency and colourlessness. The marks written using water and oil-based pens on the films could be erased with a tissue even after eight times. In addition, the hardness of the hybrid films was enhanced to 4H with increasing fluorosilane content.     

Morin,a Flavonoid from Moraceae,Induces Apoptosis by Induction of BAD Protein in Human Leukemic Cells

Evidence suggests that phytochemicals can safely modulate cancer cell biology and induce apoptosis. Here, we investigated the anti-cancer activity of morin, a flavone originally isolated from members of the Moraceae family in human leukemic cells, focusing on apoptosis. An anti-cancer effect of morin was screened with several human leukemic cell lines. U937 cells were most sensitive to morin, where it induced caspase-dependent apoptosis in a dose-dependent manner. It also induced loss of MMP (ΔΨ_m) along with cytochrome c release, down-regulated Bcl-2 protein, and up-regulated BAX proteins. The apoptotic activity of morin was significantly attenuated by Bcl-2 augmentation. In conclusion, morin induced caspase-dependent apoptosis through an intrinsic pathway by upregulating BAD proteins. In addition, Bcl-2 protein expression is also important in morin-induced apoptosis of U937 cells. This study provides evidence that morin might have anticancer properties in human leukemic cells.     

Profiling the operational behavior of OS device drivers

As the complexity of modern Operating Systems (OS) increases, testing key OS components such as device drivers (DD) becomes increasingly complex given the multitude of possible DD interactions. Currently, DD testing entails a broad spectrum of techniques, where static (requiring source code) and dynamic (requiring the executable image) and static-dynamic testing combinations are employed. Despite the sustained and improving test efforts in the field of driver development, DDs still represent a significant cause of system outages as the coverage is invariably limited by test resources and release time considerations. The basic factor is the inability to exhaustively assess and then cover the operational states, leading to releases of inadequately tested DDs. Consequently, if representative operational activity profiles of DDs within an OS could be obtained, these could significantly improve the understanding of the actual operational DD state space and help focus the test efforts. Focusing on characterizing DD operational activities while assuming no access to source code, this paper proposes a quantitative technique for profiling the runtime behavior of DDs using a set of occurrence and temporal metrics obtained via I/O traffic characterization. Such profiles are used to improve test adequacy against real-world workloads by enabling similarity quantification across them. The profiles also reveal execution hotspots in terms of DD functionalities activated in the field, thus allowing for dedicated test campaigns. A case study on actual Windows XP and Vista drivers using various performance and stability benchmarks as workloads substantiates our proposed approach.     

Second response to immunoglobulin in recurrent Guillain-Barré syndrome

Guillain-Barré, syndrome is the most common paralytic illness among healthy adults. With modern critical care, the mortality has fallen although prolonged hospitalisation and significant morbidity are common. Plasma exchange and intravenous immunoglobulin have only recently been shown to be equally efficacious; the combination of plasma exchange plus intravenous immunoglobulin does not confer additional advantage. Contrary to earlier fears, immunoglobulin use is not associated with an increased relapsed rate. Some patients do benefit from a second course of immunoglobulin in recurrent Guillain-Barré syndrome.     

Luteinization of porcine preovulatory follicles leads to systematic changes in follicular gene expression

The LH surge initiates the luteinization of preovulatory follicles and causes hormonal and structural changes that ultimately lead to ovulation and the formation of corpora lutea. The objective of the study was to examine gene expression in ovarian follicles (n = 11) collected from pigs (Sus scrofa domestica) approaching estrus (estrogenic preovulatory follicle; n = 6 follicles from two sows) and in ovarian follicles collected from pigs on the second day of estrus (preovulatory follicles that were luteinized but had not ovulated; n = 5 follicles from two sows). The follicular status within each follicle was confirmed by follicular fluid analyses of estradiol and progesterone ratios. Microarrays were made from expressed sequence tags that were isolated from cDNA libraries of porcine ovary. Gene expression was measured by hybridization of fluorescently labeled cDNA (preovulatory estrogenic or -luteinized) to the microarray. Microarray analyses detected 107 and 43 genes whose expression was decreased or increased (respectively) during the transition from preovulatory estrogenic to -luteinized (P<0.01). Cells within preovulatory estrogenic follicles had a gene-expression profile of proliferative and metabolically active cells that were responding to oxidative stress. Cells within preovulatory luteinized follicles had a gene-expression profile of nonproliferative and migratory cells with angiogenic properties. Approximately, 40% of the discovered genes had unknown function.     

Transparent anti-stain coatings with good thermal and mechanical properties based on polyimide-silica nanohybrids

In this work, we synthesized polyimide/silica hybrid materials via sol-gel method using a fluorinated poly(amic acid) silane precursor and a variety of perfluorosilane contents. We studied the influence of a hybrid coating film with the following characteristics; hydrophobicity, oleophobicity, optical transparency, and surface hardness of the coating films. The hybrid coatings with the fluorosilane contents up to 10 wt% are optically transparent and present good thermal stability with a degradation temperature of > 500 degrees C as well as a glass transition of > 300 degrees C. Both water contact angle and oil contact angle increase rapidly with introducing small amount of the fluorosilane in the hybrids and reaches the maximum of 115 degrees and 61 degrees, respectively. The hardness of the hybrid coatings increases up to 5H with an increase of the FTES content in the hybrids. These colorless, transparent, and thermally stable hybrid materials could be suitable for applications as anti-stain coatings.     

Identifying and understanding header file hotspots in C/C++ build processes

Software developers rely on a fast build system to incrementally compile their source code changes and produce modified deliverables for testing and deployment. Header files, which tend to trigger slow rebuild processes, are most problematic if they also change frequently during the development process, and hence, need to be rebuilt often. In this paper, we propose an approach that analyzes the build dependency graph (i.e., the data structure used to determine the minimal list of commands that must be executed when a source code file is modified), and the change history of a software system to pinpoint header file hotspots—header files that change frequently and trigger long rebuild processes. Through a case study on the GLib, PostgreSQL, Qt, and Ruby systems, we show that our approach identifies header file hotspots that, if improved, will provide greater improvement to the total future build cost of a system than just focusing on the files that trigger the slowest rebuild processes, change the most frequently, or are used the most throughout the codebase. Furthermore, regression models built using architectural and code properties of source files can explain 32–57 % of these hotspots, identifying subsystems that are particularly hotspot-prone and would benefit the most from architectural refinement.