Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security and Emotion: Sentiment Analysis of Security Discussions on GitHub

519 views

Published on

Application security is becoming increasingly prevalent during software and especially web application development. Consequently, countermeasures are continuously being discussed and built into applications, with the goal of reducing the risk that unauthorized code will be able to access, steal, modify, or delete sensitive data. We gauged the presence and atmosphere surrounding security-related discussions on GitHub, as mined from discussions around commits and pull requests.

First, we found that security-related discussions account for approximately 10\% of all discussions on GitHub. Second, we found that more negative emotions are expressed in security-related discussions than in other discussions. These findings confirm the importance of properly training developers to address security concerns in their applications
as well as the need to test applications thoroughly for security vulnerabilities in order to reduce frustration and
improve overall project atmosphere.

Published in: Science
  • Be the first to comment

Security and Emotion: Sentiment Analysis of Security Discussions on GitHub

  1. 1. Security and Emotion: Sentiment Analysis of Security Discussions on GitHub @DanielPletea @b_vasilescu @aserebrenik Eindhoven University of Technology, NL
  2. 2. SEC NEG: “Blocking a handful of very specific exploits is less useful, it gives the appearance of security when there may be many other vulnerabilities not protected against.” SEC POS: woot! one more exploit gone!
  3. 3. Security = more negative emotions Similar results • commits/pull requests • individual comments/disc ussions
  4. 4. Glossary of Key Information Security Terms Co-occurring tags Final list of security terms Challenge data Comments Discussions Security/other comments Security/other discussions NLTK Neutral % Pos/Neg % exploit, ldap, spoofing,
  5. 5. Challenge data ≠ GitHub Recognition of security comments/discussions might be imperfect NLTK was trained on movie reviews & tweets Commit messages were cut to 256 characters

×