English
Related papers

Related papers: Less is More: Supporting Developers in Vulnerabili…

200 papers

Context: Contemporary software development organizations lack diversity and the ratios of women in Free and open-source software (FOSS) communities are even lower than the industry average. Although the results of recent studies hint the…

Software Engineering · Computer Science 2023-02-09 Sayma Sultana , Asif Kamal Turzo , Amiangshu Bosu

With the wave of high-profile supply chain attacks targeting development and client organizations, supply chain security has recently become a focal point. As a result, there is an elevated discussion on securing the development environment…

Increasing code velocity is a common goal for a variety of software projects. The efficiency of the code review process significantly impacts how fast the code gets merged into the final product and reaches the customers. We conducted a…

Software Engineering · Computer Science 2023-11-07 Gunnar Kudrjavets , Ayushi Rastogi

High-quality software products rely on both well-written source code and timely detection and thorough reporting of bugs. However, some programmers view bug reports as negative assessments of their work, leading them to withhold reporting…

Software Engineering · Computer Science 2024-03-19 Vitaly Alifanov , Kamil Almetov , Ivan Kornienko , Arsen Mutalapov , Yegor Bugayenko

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

Context: Software code review aims to early find code anomalies and to perform code improvements when they are less expensive. However, issues and challenges faced by developers who do not apply code review practices regularly are unclear.…

Software Engineering · Computer Science 2020-08-04 Marcos Dosea , Claudio Sant'Anna , Ythanna Oliveira , Methanias Colaco Junior

Vulnerability detection plays a key role in secure software development. There are many different vulnerability detection tools and techniques to choose from, and insufficient information on which vulnerability detection techniques to use…

Software Engineering · Computer Science 2021-03-10 Sarah Elder

Background: Research software is crucial for enabling research discoveries and supporting data analysis, simulation, and interpretation across domains. However, evolving requirements, complex inputs, and legacy dependencies hinder the…

Software Engineering · Computer Science 2025-12-16 Md Ariful Islam Malik , Jeffrey C. Carver , Nasir U. Eisty

Proponents of software verification have argued that simpler code is easier to verify: that is, that verification tools issue fewer false positives and require less human intervention when analyzing simpler code. We empirically validate…

Software Engineering · Computer Science 2023-11-01 Kobi Feldman , Martin Kellogg , Oscar Chaparro

Despite various approaches being employed to detect vulnerabilities, the number of reported vulnerabilities shows an upward trend over the years. This suggests the problems are not caught before the code is released, which could be caused…

Cryptography and Security · Computer Science 2025-02-14 Karl Tamberg , Hayretdin Bahsi

Recent trends in the software development practices (Agile, DevOps, CI) have shortened the development life-cycle causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for…

Software Engineering · Computer Science 2019-06-06 Katja Tuma , Danial Hosseini , Kyriakos Malamas , Riccardo Scandariato

Code review is widely known as one of the best practices for software quality assurance in software development. In a typical code review process, reviewers check the code committed by developers to ensure the quality of the code, during…

Software Engineering · Computer Science 2024-04-05 Beiqi Zhang , Liming Fu , Peng Liang , Jiaxin Yu , Chong Wang

Software vulnerabilities often persist or re-emerge even after being fixed, revealing the complex interplay between code evolution and socio-technical factors. While source code metrics provide useful indicators of vulnerabilities, software…

Software Engineering · Computer Science 2026-01-21 Samiha Shimmi , Nicholas M. Synovic , Mona Rahimi , George K. Thiruvathukal

Software built on poor structural patterns often shows higher exposure to security defects. When code differs from established best practices, verification and maintenance become increasingly difficult, thereby raising the risk of…

Cryptography and Security · Computer Science 2026-01-26 Masoud Jamshidiyan Tehrani

Unit testing is an essential component of the software development life-cycle. A developer could easily and quickly catch and fix software faults introduced in the source code by creating and running unit tests. Despite their importance,…

Software Engineering · Computer Science 2021-08-02 Denivan Campos , Larissa Rocha , Ivan Machado

Software security vulnerabilities can lead to severe consequences, making early detection essential. Although code review serves as a critical defense mechanism against security flaws, relevant feedback remains scarce due to limited…

Software Engineering · Computer Science 2026-01-06 Zixiao Zhao , Yanjie Jiang , Hui Liu , Kui Liu , Lu Zhang

During code reviews, an essential step in software quality assurance, reviewers have the difficult task of understanding and evaluating code changes to validate their quality and prevent introducing faults to the codebase. This is a tedious…

Software Engineering · Computer Science 2024-05-14 Doriane Olewicki , Sarra Habchi , Bram Adams

Identifying and addressing security issues during the early phase of the development lifecycle is critical for mitigating the long-term negative impacts on software systems. Code review serves as an effective practice that enables…

Software Engineering · Computer Science 2025-10-31 Fang Liu , Simiao Liu , Yinghao Zhu , Xiaoli Lian , Li Zhang

Code review plays an important role in software quality control. A typical review process would involve a careful check of a piece of code in an attempt to find defects and other quality issues/violations. One type of issues that may impact…

Software Engineering · Computer Science 2021-03-23 Xiaofeng Han , Amjed Tahir , Peng Liang , Steve Counsell , Yajing Luo

The assessment of new vulnerabilities is an activity that accounts for information from several data sources and produces a `severity' score for the vulnerability. The Common Vulnerability Scoring System (\CVSS) is the reference standard…

Cryptography and Security · Computer Science 2018-03-22 Luca Allodi , Sebastian Banescu , Henning Femmer , Kristian Beckers