RQ2: Root Cause
We further conducted a detailed analysis of the root causes of the bugs collected in CRSs. The taxonomy of root causes is presented in Fig. 3 and comprises the categories Coding Error, Configuration Error, and Others. There are 13 leaf categories in total, including an Others category for root causes that do not fit logically anywhere else. As before, the categories in red represent root causes of bugs flagged as security vulnerabilities, i.e., bugs that caused real-world security consequences. The categories are ranked into four groups based on their prevalence and colored with different intensities to represent their severity.
Findings
Coding Errors are the most common root cause of bugs in CRSs, accounting for 65.50% of all bugs. In addition to common coding errors such as incorrect API usage and flawed logic, coding errors in CRSs are often related to image import and container lifecycle management.
Complex configuration during both the development and the usage phases of CRSs makes configuration errors a significant cause of bugs (31.47%). These errors often involve mount options, permission configurations, plugin configurations, system call configurations, and shim configurations.
The detailed root-cause distribution can be found in the Google Sheet: Manual Analysis Data