Fixing of security vulnerabilities in open source projects: A case study of apache HTTP server and apache tomcat