Security is a requirement of utmost importance to produce high-quality
software. However, there is still a considerable amount of vulnerabilities
being discovered and fixed almost weekly. We hypothesize that developers affect
the maintainability of their codebases when patching vulnerabilities. This
paper evaluates the impact of patches to improve security on the
maintainability of open-source software. Maintainability is measured based on
the Better Code Hub’s model of 10 guidelines on a dataset, including 1300
security-related commits. Results show evidence of a trade-off between security
and maintainability for 41.90% of the cases, i.e., developers may hinder
software maintainability. Our analysis shows that 38.29% of patches increased
software complexity and 37.87% of patches increased the percentage of LOCs per
unit. The implications of our study are that changes to codebases while
patching vulnerabilities need to be performed with extra care; tools for patch
risk assessment should be integrated into the CI/CD pipeline; computer science
curricula needs to be updated; and, more secure programming languages are
necessary.

By admin