generated from ossf/project-template
-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Comment: Added report for September 2023.
- Loading branch information
1 parent
2c8cc7d
commit cec519f
Showing
2 changed files
with
33 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # OpenRefactory Update: September 2023 | ||
|
|
||
| ## Scan Results | ||
|
|
||
| Link to results: https://docs.google.com/spreadsheets/d/1K8dc6SrSEoqqh46cFisZM1tiN4CigaXsqkCKfCM8UTs/edit#gid=228743971 | ||
|
|
||
| In the month of September, the engineers at OpenRefactory focused on Python and Java projects. | ||
|
|
||
| The outcome of these efforts is in the following table. Note that the numbers are cumulative. | ||
|
|
||
| | | Aug 2023 | Sep 2023 | | ||
| |--|--|--| | ||
| | Projects analyzed | 132 | 458 | | ||
| | Projects with no bugs | 98 | 398 | | ||
| | Total bugs filed | 33 | 75 | | ||
| | Security/Reliability bugs filed | 12 | 23 | | ||
| | Bugs with a fix suggestion | 26 | 64 | | ||
| | Bugs with a PoC exploit | 6 | 13 | | ||
| | Fixes merged by maintainers | 15 (45%) | 38 (51%) | | ||
| | Fixes ignored by maintainers | Not measured | 8 (11%) | | ||
| | Reports still open | Not measured | 29 (39%) | | ||
|
|
||
| In September, 11 new security and reliability issues were identified, including cross-site request forgery, log injection, null dereference and unsafe library call (mktemp) issues. | ||
|
|
||
| ## Improvement in Bug Acceptance Rate | ||
| At this point, over half of the reported bugs are accepted. This is imporvement upon the result from the last month. | ||
|
|
||
| The actual fixing rate may be even higher. Many bugs that were reported in August eventually got fixed in September. For example a security issue involving unsafe library call (mktemp) was reported on August 10, 2023. At the time of writing the report, the bug has been accepted but it will probably be added to the codebase sometime in October. Similarly, a bug reported in April 2023 during the second PoC has been accepted but the process of inclusion is still going on. | ||
|
|
||
| Over the course of time, we will see this happening in many of the bug reports that are still open. | ||
|
|