Call Graph Delta Analysis and Security Vulnerability Assessment with Static Analysis
Description
Several quality attributes, such as maintainability, reliability and security, tend to degrade as software evolves. We aim to monitor the impact of changes on software systems and to identify potential vulnerabilities introduced by those changes. We apply static analysis to successive versions of the source code to extract a call graph for each version throughout the program's evolution. These graph models are analyzed and compared with each other to quantify the impact of software evolution and the risk of potential vulnerabilities. The graph edit distance metric is used to quantify the delta between graph models. The risk of security vulnerabilities is evaluated from the dependencies of the source code on a set of functions known to be vulnerable and from the distances of those functions from the program's entry points in the call graph. We apply our approach to a set of open source projects and show that versions with drastic changes and potential vulnerabilities can be highlighted.
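The following is an added illustration of the two measurements the abstract describes, written for this page and not taken from the paper or its tooling. Two constructed call graphs stand in for successive versions of a small program; the unit-cost graph edit distance between them counts functions and call edges present in only one version (with uniquely named nodes and unit costs this symmetric-difference count is the exact edit distance, so no matching search is needed), and a reachability-based risk score weights each reachable known-vulnerable function by its call-chain distance from the entry point. The list of vulnerable functions, the entry point `main`, and the 1/(1+distance) weighting are assumptions made for the example; the paper's own cost model and weighting are not stated on this page.

```python
"""Added example: call-graph delta (graph edit distance) and a
distance-weighted vulnerability risk score over two constructed
call graphs. Not the paper's implementation."""
from collections import deque

# Constructed call graphs for two successive versions: caller -> set of callees.
# Version 2 swaps strcpy for strncpy but adds a request handler that calls sprintf.
V1 = {
    "main": {"parse_args", "load_config"},
    "parse_args": {"strcpy"},
    "load_config": {"read_file"},
    "read_file": {"fopen", "fread"},
    "strcpy": set(), "fopen": set(), "fread": set(),
}
V2 = {
    "main": {"parse_args", "load_config", "handle_request"},
    "parse_args": {"strncpy"},
    "load_config": {"read_file"},
    "read_file": {"fopen", "fread"},
    "handle_request": {"format_reply"},
    "format_reply": {"sprintf"},
    "strncpy": set(), "sprintf": set(), "fopen": set(), "fread": set(),
}

# Assumed list of "known vulnerable" sinks for the example (unbounded C string routines).
KNOWN_VULNERABLE = {"strcpy", "sprintf", "gets"}


def nodes(g):
    """All functions appearing as caller or callee."""
    return set(g) | {c for callees in g.values() for c in callees}


def edges(g):
    """All (caller, callee) pairs."""
    return {(caller, callee) for caller, callees in g.items() for callee in callees}


def graph_edit_distance(g1, g2):
    """Unit-cost graph edit distance between call graphs whose nodes are
    identified by function name. Every node or edge present in exactly one
    version costs one insert/delete operation, which for uniquely labelled
    nodes under unit costs is the exact edit distance."""
    return len(nodes(g1) ^ nodes(g2)) + len(edges(g1) ^ edges(g2))


def distances_from_entry(g, entry_points):
    """Breadth-first search: shortest call-chain length from any entry point."""
    dist = {e: 0 for e in entry_points}
    queue = deque(entry_points)
    while queue:
        f = queue.popleft()
        for callee in g.get(f, ()):
            if callee not in dist:
                dist[callee] = dist[f] + 1
                queue.append(callee)
    return dist


def risk_score(g, entry_points, vulnerable=KNOWN_VULNERABLE):
    """Return (score, detail). Each reachable vulnerable function contributes
    1/(1+distance): the shorter the call chain from an entry point, the more
    directly attacker-controlled input can reach it (assumed weighting).
    Unreachable vulnerable functions contribute nothing."""
    dist = distances_from_entry(g, entry_points)
    detail = {f: dist[f] for f in vulnerable if f in dist}
    score = sum(1.0 / (1 + d) for d in detail.values())
    return score, detail


if __name__ == "__main__":
    print("GED(V1, V2) =", graph_edit_distance(V1, V2))
    for name, g in (("V1", V1), ("V2", V2)):
        score, detail = risk_score(g, ["main"])
        print(f"{name}: risk={score:.3f} reachable vulnerable functions={detail}")
```

On these inputs the delta between the two versions is 10 (five functions and five call edges change), and the risk score drops from 1/3 in V1 (strcpy two calls below main) to 1/4 in V2 (sprintf three calls below main), so the score alone would not flag V2 even though it introduces a new risky sink; reporting the per-function detail alongside the score is what makes such a change visible.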
Files
bib-28ed9b32-5c14-45e1-a071-b88c769f226b.txt (190 Bytes, md5:6e057087e52ecb12c2800cb6a446ef96)