English
Related papers

Related papers: Less is More: Supporting Developers in Vulnerabili…

200 papers

Code review is a well-established and valued practice in the software engineering community contributing to both code quality and interpersonal benefits. However, there are challenges in both tools and processes that give rise to…

Software Engineering · Computer Science 2025-07-15 Lo Gullstrand Heander , Emma Söderberg , Christofer Rydenfält

Background: Contemporary software development organizations lack diversity and the ratios of women in Free and open-source software (FOSS) communities are even lower than the industry average. Although the results of recent studies hint the…

Software Engineering · Computer Science 2023-02-07 Sayma Sultana , Amiangshu Bosu

Developer turnover is inevitable on software projects and leads to knowledge loss, a reduction in productivity, and an increase in defects. Mitigation strategies to deal with turnover tend to disrupt and increase workloads for developers.…

Software Engineering · Computer Science 2023-12-29 Fahimeh Hajari , Samaneh Malmir , Ehsan Mirsaeedi , Peter C. Rigby

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

Turing completeness has made Ethereum smart contracts attractive to blockchain developers and attackers alike. To increase code security, many tools can now spot most known vulnerabilities$-$at the cost of production efficiency. Recent…

Cryptography and Security · Computer Science 2024-10-23 Tommaso Oss , Carlos E. Budde

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review…

Software Engineering · Computer Science 2025-09-18 Amena Amro , Manar H. Alalfi

Security code review is a time-consuming and labor-intensive process typically requiring integration with automated security defect detection tools. However, existing security analysis tools struggle with poor generalization, high false…

Software Engineering · Computer Science 2026-05-12 Jiaxin Yu , Peng Liang , Yujia Fu , Amjed Tahir , Mojtaba Shahin , Chong Wang , Yangxiao Cai

As modern software extensively uses open source packages, developers regularly pull in new upstream code through frequent updates. While a manual review of all upstream changes may not be practical, developers may rely on the authors' and…

Software Engineering · Computer Science 2023-06-02 Nasif Imtiaz , Preya Shabrina , Laurie Williams

Nearly all modern software suffers from bloat that negatively impacts its performance and security. To combat this problem, several automated techniques have been proposed to debloat software. A key metric used in many of these works to…

Cryptography and Security · Computer Science 2020-01-17 Michael D. Brown , Santosh Pande

A central function of code review is to increase understanding; helping reviewers understand a code change aids in knowledge transfer and finding bugs. Comments in code largely serve a similar purpose, helping future readers understand the…

Software Engineering · Computer Science 2022-04-04 Nikitha Rao , Jason Tsay , Martin Hirzel , Vincent J. Hellendoorn

In spite of the growing importance of software security and the industry demand for more cyber security expertise in the workforce, the effect of security education and experience on the ability to assess complex software security problems…

Computers and Society · Computer Science 2018-08-21 Luca Allodi , Marco Cremonini , Fabio Massacci , Woohyun Shim

The significant increase in software production driven by automation and faster development lifecycles has resulted in a corresponding surge in software vulnerabilities. In parallel, the evolving landscape of software vulnerability…

Cryptography and Security · Computer Science 2024-08-30 Yuejun Guo , Constantinos Patsakis , Qiang Hu , Qiang Tang , Fran Casino

GitHub introduced the suggestion feature to enable reviewers to explicitly suggest code modifications in pull requests. These suggestions make the reviewers' feedback more actionable for the submitters and represent a valuable knowledge for…

Software Engineering · Computer Science 2025-02-10 Abir Bouraffa , Yen Dieu Pham , Walid Maalej

Code review is an important quality assurance activity for software development. Code review discussions among developers and maintainers can be heated and sometimes involve personal attacks and unnecessary disrespectful comments,…

Software Engineering · Computer Science 2021-08-24 Isabella Ferreira , Jinghui Cheng , Bram Adams

Automation of code reviews using AI models has garnered substantial attention in the software engineering community as a strategy to reduce the cost and effort associated with traditional peer review processes. These models are typically…

Software Engineering · Computer Science 2025-04-24 Leonardo Centellas-Claros , Juan J. Alonso-Lecaros , Juan Pablo Sandoval Alcocer , Andres Neyem

Background: Code review is a cognitively demanding and time-consuming process. Previous qualitative studies hinted at how decomposing change sets into multiple yet internally coherent ones would improve the reviewing process. So far,…

Software Engineering · Computer Science 2020-01-22 Marco di Biase , Magiel Bruntink , Arie van Deursen , Alberto Bacchelli

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced…

Cryptography and Security · Computer Science 2026-02-03 Ranjith Krishnamurthy , Oshando Johnson , Goran Piskachev , Eric Bodden

Modern code review is a widely used technique employed in both industrial and open-source projects to improve software quality, share knowledge, and ensure adherence to coding standards and guidelines. During code review, developers may…

Software Engineering · Computer Science 2022-03-29 Eman Abdullah AlOmar , Moataz Chouchen , Mohamed Wiem Mkaouer , Ali Ouni

Third-party library dependencies are commonplace in today's software development. With the growing threat of security vulnerabilities, applying security fixes in a timely manner is important to protect software systems. As such, the…

Software Engineering · Computer Science 2022-05-18 Ayano Ikegami , Raula Gaikovina Kula , Bodin Chinthanet , Vittunyuta Maeprasart , Ali Ouni , Takashi Ishio , Kenichi Matsumoto

Code review is an essential process to ensure the quality of software that identifies potential software issues at an early stage of software development. Among all software issues, security issues are the most important to identify, as…

Software Engineering · Computer Science 2025-10-15 Yun Peng , Kisub Kim , Linghan Meng , Kui Liu