{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T16:13:49Z","timestamp":1781108029034,"version":"3.54.1"},"reference-count":29,"publisher":"IGI Global Scientific Publishing","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,7]]},"abstract":"<jats:p>This paper evaluates a metric suite to predict vulnerable Java classes based on how much the design of an application has changed over time. It refers to this concept as design churn in analogy with code churn. Based on a validation on 10 Android applications, it shows that several design churn metrics are in fact significantly associated with vulnerabilities. When used to build a prediction model, the metrics yield an average precision of 0.71 and an average recall of 0.27.<\/jats:p>","DOI":"10.4018\/ijsse.2014070102","type":"journal-article","created":{"date-parts":[[2014,11,6]],"date-time":"2014-11-06T09:18:04Z","timestamp":1415265484000},"page":"16-31","source":"Crossref","is-referenced-by-count":2,"title":["Design Churn as Predictor of Vulnerabilities?"],"prefix":"10.4018","volume":"5","author":[{"given":"Aram","family":"Hovsepyan","sequence":"first","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Riccardo","family":"Scandariato","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Maximilian","family":"Steff","sequence":"additional","affiliation":[{"name":"Free University of Bozen, Bolzano, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wouter","family":"Joosen","sequence":"additional","affiliation":[{"name":"iMinds-DistriNet, KU Leuven, Leuven, Belgium"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"ijsse.2014070102-0","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2011.18"},{"key":"ijsse.2014070102-1","doi-asserted-by":"publisher","DOI":"10.1109\/32.544352"},{"key":"ijsse.2014070102-2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2008.10.027"},{"key":"ijsse.2014070102-3","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2010.06.003"},{"key":"ijsse.2014070102-4","doi-asserted-by":"publisher","DOI":"10.1145\/1449955.1449790"},{"key":"ijsse.2014070102-5","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382218"},{"key":"ijsse.2014070102-6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00199-4_12"},{"key":"ijsse.2014070102-7","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.112"},{"key":"ijsse.2014070102-8","first-page":"179","article-title":"A linear-time graph kernel.","author":"S.Hido","year":"2009","journal-title":"IEEE International Conference on Data Mining"},{"key":"ijsse.2014070102-9","unstructured":"IDC. Android and iOS surge to new smartphone OS record in second quarter of 2012. Retrieved September 1, 2012, from http:\/\/www.idc.com\/getdoc.jsp?containerId=prUS23638712"},{"key":"ijsse.2014070102-10","doi-asserted-by":"publisher","DOI":"10.1049\/sej.1990.0007"},{"key":"ijsse.2014070102-11","unstructured":"Leuven, K. U. (2013). Experiment materials. http:\/\/goo.gl\/asB5H"},{"key":"ijsse.2014070102-12","author":"G.McGraw","year":"2006","journal-title":"Software Security: Building Security"},{"key":"ijsse.2014070102-13","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.256941"},{"key":"ijsse.2014070102-14","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062558"},{"key":"ijsse.2014070102-15","first-page":"30","article-title":"The beauty and the beast: vulnerabilities in red hat\u2019s packages.","author":"S.Neuhaus","year":"2009","journal-title":"Proceedings of the 2009 conference on USENIX Annual technical conference"},{"key":"ijsse.2014070102-16","first-page":"529","article-title":"Predicting vulnerable software components.","author":"S.Neuhaus","year":"2007","journal-title":"ACM Conference on Computer and Communications Security (CCS)"},{"key":"ijsse.2014070102-17","doi-asserted-by":"publisher","DOI":"10.1145\/1853919.1853923"},{"key":"ijsse.2014070102-18","doi-asserted-by":"publisher","DOI":"10.1145\/1159733.1159739"},{"key":"ijsse.2014070102-19","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.81"},{"issue":"1","key":"ijsse.2014070102-20","first-page":"1","article-title":"Can traditional fault prediction models be used for vulnerability prediction?","volume":"18","author":"Y.Shin","year":"2011","journal-title":"Empirical Software Engineering"},{"key":"ijsse.2014070102-21","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2011.15"},{"key":"ijsse.2014070102-22","doi-asserted-by":"publisher","DOI":"10.1109\/ESEM.2011.31"},{"key":"ijsse.2014070102-23","doi-asserted-by":"publisher","DOI":"10.1145\/2372251.2372261"},{"key":"ijsse.2014070102-24","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.1"},{"key":"ijsse.2014070102-25","doi-asserted-by":"publisher","DOI":"10.1109\/4235.585893"},{"key":"ijsse.2014070102-26","unstructured":"Zeman, E. (2011). Android, IOS crush blackberry market share. Retrieved September 2012, from http:\/\/www.informationweek.com\/mobile\/mobile-devices\/android-ios-crush-blackberry-market-share\/d\/d-id\/1104538?"},{"key":"ijsse.2014070102-27","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368161"},{"key":"ijsse.2014070102-28","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2010.32"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=118146","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,11,20]],"date-time":"2018-11-20T21:39:51Z","timestamp":1542749991000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijsse.2014070102"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,7]]},"references-count":29,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2014070102","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,7]]}}}