Managing security of source code
First Claim
1. A computer-implemented method for use in managing security of source code, the computer-implemented method comprising:
- receiving, from a user, an electronic request to submit a source code change;
- performing an analysis of one or more prior source code changes associated with the user to determine the user's typical Halstead complexity measure, typical cyclomatic complexity measure, typical afferent coupling measure, and typical efferent coupling measure, wherein said Halstead measure describes a coding style of the user and is derived from a number of distinct operators, a number of distinct operands, a total number of operators, and a total number of operands in connection with the one or more prior source code changes, wherein the cyclomatic complexity measure relates to a number of linearly independent paths through a unit of a project, and wherein the afferent and efferent coupling measures relate respectively to a number of other classes that reference a class and a number of other classes referenced by a class;
- determining a riskiness in connection with the received source code change by measuring a deviation in the received source code change from the said measures, wherein the riskiness indicates whether the user is genuine or fraudulent; and
- based on the riskiness in connection with the received source code change, controlling submission of the source code change to a source code repository such that the source code change will be submitted if the riskiness indicates that the user is genuine and will be rejected if the riskiness indicates that the user is fraudulent.
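The flow in claim 1, as an added example that is not taken from the patent: it builds a per-user baseline from prior changes, scores a new change by its deviation, and gates submission. It is narrowed to two of the four claimed measures (Halstead volume and cyclomatic complexity) for Python source. The z-score deviation, the 3.0 threshold, the function names and the sample changes are all assumptions made here.

```python
import ast, io, keyword, math, statistics, token, tokenize

BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.BoolOp, ast.IfExp)

def metrics(src):
    """Return (Halstead volume, cyclomatic complexity) for one Python change."""
    ops, operands = [], []
    for t in tokenize.generate_tokens(io.StringIO(src).readline):
        if t.type == token.OP or (t.type == token.NAME and keyword.iskeyword(t.string)):
            ops.append(t.string)          # operators: punctuation and keywords
        elif t.type in (token.NAME, token.NUMBER, token.STRING):
            operands.append(t.string)     # operands: identifiers and literals
    n = len(set(ops)) + len(set(operands))    # distinct operators + distinct operands
    N = len(ops) + len(operands)              # total operators + total operands
    volume = N * math.log2(n) if n > 1 else 0.0
    # Approximation: one path plus one per branching construct in the AST.
    cc = 1 + sum(isinstance(node, BRANCHES) for node in ast.walk(ast.parse(src)))
    return volume, cc

def baseline(prior_changes):
    """Per-measure (mean, stdev) over the user's prior changes."""
    columns = zip(*(metrics(s) for s in prior_changes))
    return [(statistics.mean(c), statistics.pstdev(c) or 1.0) for c in columns]

def riskiness(change, base):
    """Assumed deviation measure: largest absolute z-score across the measures."""
    return max(abs(v - mu) / sd for v, (mu, sd) in zip(metrics(change), base))

def control_submission(change, base, threshold=3.0):   # threshold is an assumption
    return "submit" if riskiness(change, base) <= threshold else "reject"

# Constructed sample data: three prior changes by one user, then two new ones.
PRIOR = [
    "def add(a, b):\n    return a + b\n",
    "def clamp(x, lo, hi):\n    if x < lo:\n        return lo\n    return min(x, hi)\n",
    "def total(xs):\n    s = 0\n    for x in xs:\n        s += x\n    return s\n",
]
TYPICAL = "def sub(a, b):\n    return a - b\n"
ATYPICAL = ("def f(d, k, e):\n    for i in range(len(d)):\n"
            "        if d[i] and k or e:\n            while k > 0 and e != i:\n"
            "                k -= 1 if e else 2\n    return d\n")

if __name__ == "__main__":
    base = baseline(PRIOR)
    for name, change in (("typical", TYPICAL), ("atypical", ATYPICAL)):
        print(name, round(riskiness(change, base), 2), control_submission(change, base))
```

With only a handful of prior changes the baseline is noisy, so a deployment of this idea would need enough history per user before the score is used to gate anything.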
Abstract
A method is used in managing security of source code. Source code characteristics are derived from a source code change. Based on the source code characteristics, risk information associated with the source code change is produced.
12 Claims
10. A system for use in managing security of source code, the system comprising:
- memory; and
- processing circuitry coupled to the memory, the memory storing instructions which, when executed by the processing circuitry, cause the processing circuitry to:
  - receive, from a user, an electronic request to submit a source code change;
  - perform an analysis of one or more prior source code changes associated with the user to determine the user's typical Halstead complexity measure, typical cyclomatic complexity measure, typical afferent coupling measure, and typical efferent coupling measure, wherein said Halstead measure describes a coding style of the user and is derived from a number of distinct operators, a number of distinct operands, a total number of operators, and a total number of operands in connection with the one or more prior source code changes, wherein the cyclomatic complexity measure relates to a number of linearly independent paths through a unit of a project, and wherein the afferent and efferent coupling measures relate respectively to a number of other classes that reference a class and a number of other classes referenced by a class;
  - determine a riskiness in connection with the received source code change by measuring a deviation in the received source code change from the said measures, wherein the riskiness indicates whether the user is genuine or fraudulent; and
  - based on the riskiness in connection with the received source code change, control submission of the source code change to a source code repository such that the source code change will be submitted if the riskiness indicates that the user is genuine and will be rejected if the riskiness indicates that the user is fraudulent.