English

The Popularity Hypothesis in Software Security: A Large-Scale Replication with PHP Packages

Software Engineering 2025-06-12 v2 Cryptography and Security

Abstract

There has been a long-standing hypothesis that a software's popularity is related to its security or insecurity in both research and popular discourse. There are also a few empirical studies that have examined the hypothesis, either explicitly or implicitly. The present work continues with and contributes to this research with a replication-motivated large-scale analysis of software written in the PHP programming language. The dataset examined contains nearly four hundred thousand open source software packages written in PHP. According to the results based on reported security vulnerabilities, the hypothesis does holds; packages having been affected by vulnerabilities over their release histories are generally more popular than packages without having been affected by a single vulnerability. With this replication results, the paper contributes to the efforts to strengthen the empirical knowledge base in cyber and software security.

Keywords

Cite

@article{arxiv.2502.16670,
  title  = {The Popularity Hypothesis in Software Security: A Large-Scale Replication with PHP Packages},
  author = {Jukka Ruohonen and Qusai Ramadan},
  journal= {arXiv preprint arXiv:2502.16670},
  year   = {2025}
}

Comments

Resubmitted

R2 v1 2026-06-28T21:54:43.420Z