Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4515
Title: Visualizing Security Vulnerability Evolution of Software Systems
Authors: Sinhabahu, N.N.
Keywords: 3D software visualization
Vulnerability Evolution
Re-engineering
Vulnerability Analysis
3D graphics
human-computer interaction
Issue Date: 10-Aug-2021
Abstract: Analyzing large-scale software and finding security vulnerabilities while it is evolving is difficult without supplementary tools, because of the size and complexity of today’s systems. However, just looking at a report may not convey the overall picture of the system in terms of security vulnerabilities and their evolution throughout the project lifecycle. Software visualization is a program comprehension technique used to present and explore large amounts of information precisely. For the analysis of security vulnerabilities of complex software systems, Secure Codecity with evolution is an interactive 3D visualization tool that can be utilized. It utilizes techniques and methods from graphical visualization to illustrate security aspects and the evolution of software. The main goal of the proposed framework is to uplift, simplify, and clarify the mental representation that a software engineer has of a software system and its evolution in terms of its security. Static code was visualized based on a city metaphor, which represents classes as buildings and packages as districts of a city. Identified vulnerabilities were represented in different colors according to their severity. To visualize different aspects, a large variety of options was given. Users can evaluate the evolution of the security vulnerabilities of a system over several versions using the matrices provided, which help users get an overall understanding of how security vulnerabilities vary across different versions of the software. This framework was implemented using SonarQube for software vulnerability detection and ThreeJs for implementing the City Metaphor. The evaluation results show that our framework surpasses the existing tools in terms of accuracy, efficiency, and usability.
URI: http://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4515
Appears in Collections: 2020

Files in This Item:
File: 2017 MCS 077.pdf
Size: 1.26 MB
Format: Adobe PDF


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.