English
Related papers

Related papers: Are your dependencies code reviewed?: Measuring co…

200 papers

Peer code review has been found to be effective in identifying security vulnerabilities. However, despite practicing mandatory code reviews, many Open Source Software (OSS) projects still encounter a large number of post-release security…

Software Engineering · Computer Science 2021-02-16 Rajshakhar Paul , Asif Kamal Turzo , Amiangshu Bosu

Developers rely on open-source packages and must review dependencies to safeguard against vulnerable or malicious upstream code. A careful review of all dependencies changes often does not occur in practice. Therefore, developers need…

Software Engineering · Computer Science 2025-07-24 Sivana Hamer , Nasif Imtiaz , Mahzabin Tamanna , Preya Shabrina , Laurie Williams

Developers are increasingly using services such as Dependabot to automate dependency updates. However, recent research has shown that developers perceive such services as unreliable, as they heavily rely on test coverage to detect conflicts…

Software Engineering · Computer Science 2021-09-27 Joseph Hejderup , Georgios Gousios

Code review is a common process that is used by developers, in which a reviewer provides useful comments or points out defects in the submitted source code changes via pull request. Code review has been widely used for both industry and…

Software Engineering · Computer Science 2019-12-23 JingKai Siow , Cuiyun Gao , Lingling Fan , Sen Chen , Yang Liu

An important goal for programmers is to minimize cost of identifying and correcting defects in source code. Code review is commonly used for identifying programming defects. However, manual code review has some shortcomings: a) it is time…

Software Engineering · Computer Science 2018-09-13 Balwinder Sodhi , Shipra Sharma

Industry practitioners are increasingly concerned with software that contains vulnerable versions of third-party dependencies that are included both directly and transitively. To address this problem, projects are encouraged to both…

Software Engineering · Computer Science 2025-10-24 Imranur Rahman , Ranindya Paramitha , William Enck , Laurie Williams

Reusable software components, typically distributed as packages, are a central paradigm of modern software development. The JavaScript ecosystem serves as a prime example, offering millions of packages with their use being promoted as…

Software Engineering · Computer Science 2026-01-26 Ben Swierzy , Marc Ohm , Michael Meier

Code Review plays a crucial role in software quality, by allowing reviewers to discuss and critique any new patches before they can be successfully integrated into the project code. Yet, it is unsure the extent to which coding pattern…

Software Engineering · Computer Science 2021-03-17 Panyawut Sri-iesaranusorn , Raula Gaikovina Kula , Takashi Ishio

Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a…

Software Engineering · Computer Science 2024-01-24 Daniel Venturini , Filipe Roseiro Cogo , Ivanilton Polato , Marco A Gerosa , Igor Scaliante Wiese

Third-party library reuse has become common practice in contemporary software development, as it includes several benefits for developers. Library dependencies are constantly evolving, with newly added features and patches that fix bugs in…

Software Engineering · Computer Science 2017-09-15 Raula Gaikovina Kula , Daniel M. German , Ali Ouni , Takashi Ishio , Katsuro Inoue

Background: Despite the widespread use of automated security defect detection tools, software projects still contain many security defects that could result in serious damage. Such tools are largely context-insensitive and may not cover all…

Software Engineering · Computer Science 2023-07-06 Jiaxin Yu , Liming Fu , Peng Liang , Amjed Tahir , Mojtaba Shahin

Motivation: Code understandability is crucial in software development, as developers spend 58% to 70% of their time reading source code. Improving it can improve productivity and reduce maintenance costs. Problem: Experimental studies often…

Software Engineering · Computer Science 2024-11-13 Delano Oliveira , Reydne Santos , Benedito de Oliveira , Martin Monperrus , Fernando Castor , Fernanda Madeiral

The increasing interest in open source software has led to the emergence of large language-specific package distributions of reusable software libraries, such as npm and RubyGems. These software packages can be subject to vulnerabilities…

Software Engineering · Computer Science 2022-03-29 Ahmed Zerouali , Tom Mens , Alexandre Decan , Coen De Roover

Dependency analysis is recognized as an important field of software engineering due to a variety of reasons. There exists a large pool of tools providing assistance to software developers and architects. Analysis of inter- and intra-project…

Software Engineering · Computer Science 2021-04-20 V. Repinskiy , V. Kovalenko

Security vulnerabilities introduced by applications using third-party dependencies are on the increase, caused by the emergence of large ecosystems of libraries such as the NPM packages for JavaScript. Nowadays, libraries depend on each…

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Code review is a mature practice for software quality assurance in software development with which reviewers check the code that has been committed by developers, and verify the quality of code. During the code review discussions, reviewers…

Software Engineering · Computer Science 2022-03-31 Liming Fu , Peng Liang , Beiqi Zhang

AI coding agents increasingly modify real software repositories and make dependency decisions, including adding, removing, or updating third-party packages. These choices can materially affect security posture and maintenance burden, yet…

Software Engineering · Computer Science 2026-02-02 Tanmay Singla , Berk Çakar , Paschal C. Amusuo , James C. Davis

Code review is widely known as one of the best practices for software quality assurance in software development. In a typical code review process, reviewers check the code committed by developers to ensure the quality of the code, during…

Software Engineering · Computer Science 2024-04-05 Beiqi Zhang , Liming Fu , Peng Liang , Jiaxin Yu , Chong Wang

Modern software systems are often built by leveraging code written by others in the form of libraries and packages to accelerate their development. While there are many benefits to using third-party packages, software projects often become…

Software Engineering · Computer Science 2022-08-30 Jasmine Latendresse , Suhaib Mujahid , Diego Elias Costa , Emad Shihab
‹ Prev 1 2 3 10 Next ›