Prevalence of Security Vulnerabilities in C++ Projects

Thiago Gadelha, Wallisson Freitas, Eduardo Rodrigues, José Maria Monteiro, Javam Machado

2025

Abstract

Maintaining the security of their software products is one of the most critical tasks for organizations today. Common software vulnerabilities can result in severe security breaches, financial losses, and reputational damage. A software security vulnerability can be defined as a flaw in the source code that an attacker can exploit to gain unauthorized access to the software, thereby compromising its behavior and functionality. Detecting and fixing security vulnerabilities in the source code of software systems is therefore one of the most significant challenges in information security. Static Application Security Testing (SAST) tools analyze source code statically, without executing it, to identify security vulnerabilities, bugs, and code smells during the coding phase, when security issues are relatively inexpensive to detect and resolve. In this context, this paper presents an exploratory study of security vulnerabilities in C++ code from very large projects. We analyzed twenty-six C++ projects from around the world and empirically studied the prevalence of security vulnerabilities. Our results show that some vulnerabilities tend to occur together and that some vulnerabilities are more frequent than others. Based on these findings, this paper has the potential to help software developers avoid future problems during the development of C++ projects.

Paper Citation


in Harvard Style

Gadelha T., Freitas W., Rodrigues E., Monteiro J. and Machado J. (2025). Prevalence of Security Vulnerabilities in C++ Projects. In Proceedings of the 14th International Conference on Data Science, Technology and Applications - Volume 1: DATA; ISBN 978-989-758-758-0, SciTePress, pages 567-574. DOI: 10.5220/0013570700003967


in Bibtex Style

@conference{data25,
author={Thiago Gadelha and Wallisson Freitas and Eduardo Rodrigues and José Monteiro and Javam Machado},
title={Prevalence of Security Vulnerabilities in C++ Projects},
booktitle={Proceedings of the 14th International Conference on Data Science, Technology and Applications - Volume 1: DATA},
year={2025},
pages={567-574},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013570700003967},
isbn={978-989-758-758-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Conference on Data Science, Technology and Applications - Volume 1: DATA
TI - Prevalence of Security Vulnerabilities in C++ Projects
SN - 978-989-758-758-0
AU - Gadelha T.
AU - Freitas W.
AU - Rodrigues E.
AU - Monteiro J.
AU - Machado J.
PY - 2025
SP - 567
EP - 574
DO - 10.5220/0013570700003967
PB - SciTePress