
hkwerf | 1 year ago

You're essentially suggesting a Drake equation [1] equivalent for the number of security vulnerabilities based on NLoC. What other factors would be part of this equation?

[1] https://en.wikipedia.org/wiki/Drake_equation


CSMastermind | 1 year ago

Language or framework definitely plays a role (isn't that what the Rust people are so excited about?). Maybe say it's like the materials/tools used.

There's definitely some measure of complexity. I still like simple cyclomatic but I know there are better ones out there that try to capture the cognitive load of understanding the code.

The attack surface of the system is definitely important. The more ways that more people have to interface with the code, the more likely it is that there will be a mistake.

Security practices need to be captured in some way (maybe a factor that gets applied). If you have vulnerability scanning enabled that's going to catch some percentage of bugs. So will static analysis, code reviews, etc.
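One way to put those factors into a toy Drake-style estimator, as an added example that is not from this thread: the per-language base rates, the "10 is simple" cyclomatic threshold, the 0.1-per-entry-point surface weight and the detection percentages are all illustrative assumptions, and the one non-obvious bit is that independent practices (scanning, static analysis, review) combine by multiplying their miss rates rather than adding their catch rates.

```python
from dataclasses import dataclass, field
from math import prod

# Hypothetical base rate: security-relevant defects per 1,000 lines before
# any review or tooling. Placeholder values, not measured data.
BASE_RATE_PER_KLOC = {"c": 1.0, "cpp": 0.9, "go": 0.5, "rust": 0.3}


@dataclass
class Component:
    name: str
    language: str
    nloc: int
    cyclomatic_avg: float      # mean cyclomatic complexity per function
    entry_points: int          # externally reachable interfaces (attack surface)
    # Fraction of vulnerabilities each practice catches; assumed independent.
    detection_rates: list[float] = field(default_factory=list)


def residual_fraction(rates: list[float]) -> float:
    """Share of bugs that survive every practice: each one independently misses (1 - p)."""
    return prod(1.0 - p for p in rates)


def estimate(c: Component) -> float:
    """Expected residual vulnerabilities = base x size x complexity x surface x residual."""
    base = BASE_RATE_PER_KLOC[c.language] * c.nloc / 1000.0
    complexity_factor = max(1.0, c.cyclomatic_avg / 10.0)  # assumption: <=10 counts as simple
    surface_factor = 1.0 + 0.1 * c.entry_points            # assumption: linear in entry points
    return base * complexity_factor * surface_factor * residual_fraction(c.detection_rates)


if __name__ == "__main__":
    # Constructed sample: the same parser written in C and in Rust, with
    # vulnerability scanning (30%) and code review (50%) applied to both.
    for lang in ("c", "rust"):
        comp = Component("parser", lang, 20_000, 15.0, 5, [0.3, 0.5])
        print(f"{lang:5s} -> {estimate(comp):.2f} expected residual vulnerabilities")
```

Adding a third practice that catches 40% does not bring the residual from 35% to -5%; it brings it to 0.7 * 0.5 * 0.6 = 21%.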

maximus-decimus | 1 year ago

How close to the Balmer peak the programmer was when he wrote the code.

bobnamob | 1 year ago

Correlated or inversely correlated?