From f67c24c2dac2ed1c7ee5ddb11dc18edb54703162 Mon Sep 17 00:00:00 2001 From: "OpenRefactory, Inc" <56681071+openrefactory@users.noreply.github.com> Date: Mon, 30 Oct 2023 02:49:56 -0700 Subject: [PATCH] Comment: Added report for October 2023. Signed-off-by: OpenRefactory, Inc <56681071+openrefactory@users.noreply.github.com> --- .../engagements/2023/OpenRefactory/README.md | 1 + .../2023/OpenRefactory/update-2023-10.md | 52 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 alpha/engagements/2023/OpenRefactory/update-2023-10.md diff --git a/alpha/engagements/2023/OpenRefactory/README.md b/alpha/engagements/2023/OpenRefactory/README.md index 9ca3c8e6..d0d1aca1 100644 --- a/alpha/engagements/2023/OpenRefactory/README.md +++ b/alpha/engagements/2023/OpenRefactory/README.md @@ -32,6 +32,7 @@ This engagement started in July 2023. The metrics will be reviewed in December 2 * [July 2023](update-2023-07.md) * [August 2023](update-2023-08.md) * [September 2023](update-2023-09.md) +* [October 2023](update-2023-10.md) ## Primary Contacts diff --git a/alpha/engagements/2023/OpenRefactory/update-2023-10.md b/alpha/engagements/2023/OpenRefactory/update-2023-10.md new file mode 100644 index 00000000..3c7327e9 --- /dev/null +++ b/alpha/engagements/2023/OpenRefactory/update-2023-10.md 
@@ -0,0 +1,52 @@ +# OpenRefactory Update: October 2023 + +## Scan Results +Link to results: https://docs.google.com/spreadsheets/d/1K8dc6SrSEoqqh46cFisZM1tiN4CigaXsqkCKfCM8UTs/edit#gid=228743971 + +In the month of October, the engineers at OpenRefactory focused on Python, Java, and Go projects. We first show the work done during October. This is followed by the cumulative results. Finally we show language specific breakdown of the cumulative results. + +### October +| Month | Oct 2023 | +|--------------------------------------|----------| +| Projects analyzed | 351 | +| Projects with no bugs | 320 | +| Total bugs filed | 38 | +| Security/Reliability bugs filed | 20 | +| Bugs with a fix suggestion | 30 | +| Bugs with a PoC exploit | 5 | +| Fixes merged by maintainers | 16 | +| Security/Reliablity fixes mergeed | 8 | +| Fixes ignored by maintainers | 0 | +| Reports still open | 4 | + + +### Cumulative Data +| Month | Aug 2023 | Sep 2023 | Oct 2023 | +|--------------------------------------|--------------|--------------|----------| +| Projects analyzed | 132 | 458 | 809 | +| Projects with no bugs | 98 | 398 | 718 | +| Total bugs filed | 33 | 75 | 113 | +| Security/Reliability bugs filed | 12 | 23 | 43 | +| Bugs with a fix suggestion | 26 | 64 | 94 | +| Bugs with a PoC exploit | 6 | 13 | 18 | +| Fixes merged by maintainers | 15 (45%) | 38 (51%) | 54 (48%) | +| Security/Reliability fixes merged | Not measured | Not measured | 13 (30%) | +| Fixes ignored by maintainers | Not measured | 8 (11%) | 7 (6%) | +| Reports still open | Not measured | 29 (39%) | 33 (29%) | + + +### Language Specific Data +| Language | Python | Java | Go | TOTAL | +| ---------------------------------------------- | ------ | ---- | -- | ----- | +| \# of total projects analyzed | 694 | 79 | 36 | 809 | +| \# of total zerofix projects | 622 | 67 | 29 | 718 | +| \# of total bugs filed | 92 | 13 | 8 | 113 | +| \# of total security/reliablity bugs filed | 32 | 7 | 4 | 43 | +| \# of total bugs with fix 
suggestion | 83 | 6 | 5 | 94 | +| \# of total POC exploit | 14 | 4 | 0 | 18 | +| \# of total merged fixes | 47 | 3 | 4 | 54 | +| \# of total merged security/reliability fixes | 9 | 2 | 2 | 13 | +| \# of total ignored/rejected fixes | 6 | 1 | 0 | 7 | +| \# of total open fixes | 30 | 2 | 1 | 33 | + +In October, 20 new security and reliability bugs were filed, including various injection issues, weak cryptography issues, unsafe library calls (mktemp) related issues, file permission issues, data races and null pointer dereferences.
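Review bot: Row labels in the new update-2023-10.md tables carry spelling errors that will show up in the rendered report: `Security/Reliablity fixes mergeed` in the October table and `\# of total security/reliablity bugs filed` in the language table should read `Security/Reliability fixes merged` and `\# of total security/reliability bugs filed`. Two smaller consistency points in the same file: the header cell `Month` sits over the metric-name column in both the October and cumulative tables (a header such as `Metric` would be clearer), and the language table calls the no-bug count `zerofix projects` while the other two tables call it `Projects with no bugs`; one term throughout would make the three tables easier to cross-read. The arithmetic does check out: every October figure equals the October cumulative value minus the September cumulative value, and each language row sums to its TOTAL.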