English
Related papers

Related papers: Toward Effective Secure Code Reviews: An Empirical…

200 papers

Code review plays an important role in software quality control. A typical review process would involve a careful check of a piece of code in an attempt to find defects and other quality issues/violations. One type of issues that may impact…

Software Engineering · Computer Science 2021-03-23 Xiaofeng Han , Amjed Tahir , Peng Liang , Steve Counsell , Yajing Luo

Code reviews are popular in both industrial and open source projects. The benefits of code reviews are widely recognized and include better code quality and lower likelihood of introducing bugs. However, since code review is a manual…

Software Engineering · Computer Science 2021-05-20 Rosalia Tufano , Luca Pascarella , Michele Tufano , Denys Poshyvanyk , Gabriele Bavota

Code review is a critical practice in modern software engineering, helping developers detect defects early, improve code quality, and facilitate knowledge sharing. With the rapid advancement of large language models (LLMs), a growing body…

Software Engineering · Computer Science 2026-02-17 Taufiqul Islam Khan , Shaowei Wang , Haoxiang Zhang , Tse-Hsun Chen

Large language models (LLMs) are widely used in software development. However, the code generated by LLMs often contains vulnerabilities. Several secure code generation methods have been proposed to address this issue, but their current…

Cryptography and Security · Computer Science 2025-11-14 Shih-Chieh Dai , Jun Xu , Guanhong Tao

Code review that detects and locates defects and other quality issues plays an important role in software quality control. One type of issue that may impact the quality of software is code smells. Yet, little is known about the extent to…

Software Engineering · Computer Science 2022-05-17 Xiaofeng Han , Amjed Tahir , Peng Liang , Steve Counsell , Kelly Blincoe , Bing Li , Yajing Luo

Identifying and addressing security issues during the early phase of the development lifecycle is critical for mitigating the long-term negative impacts on software systems. Code review serves as an effective practice that enables…

Software Engineering · Computer Science 2025-10-31 Fang Liu , Simiao Liu , Yinghao Zhu , Xiaoli Lian , Li Zhang

Developers use different means to document the security concerns of their code. Because of all of these opportunities, they may forget where the information is stored, or others may not be aware of it, and leave it unmaintained for so long…

Software Engineering · Computer Science 2025-01-15 Moritz Mock , Thomas Forrer , Barbara Russo

Code review is a mature practice for software quality assurance in software development with which reviewers check the code that has been committed by developers, and verify the quality of code. During the code review discussions, reviewers…

Software Engineering · Computer Science 2022-03-31 Liming Fu , Peng Liang , Beiqi Zhang

Automation of code reviews using AI models has garnered substantial attention in the software engineering community as a strategy to reduce the cost and effort associated with traditional peer review processes. These models are typically…

Software Engineering · Computer Science 2025-04-24 Leonardo Centellas-Claros , Juan J. Alonso-Lecaros , Juan Pablo Sandoval Alcocer , Andres Neyem

While code review is central to the software development process, it can be tedious and expensive to carry out. In this paper, we investigate whether and how Large Language Models (LLMs) can aid with code reviews. Our investigation focuses…

Software Engineering · Computer Science 2024-03-14 Rasmus Ingemann Tuffveson Jensen , Vali Tawosi , Salwa Alamir

Logging code plays an important role in software systems by recording key events and behaviors, which are essential for debugging and monitoring. However, insecure logging practices can inadvertently expose sensitive information or enable…

Software Engineering · Computer Science 2026-04-23 He Yang Yuan , Xin Wang , Kundi Yao , An Ran Chen , Zishuo Ding , Zhenhao Li

Context: Software code review aims to early find code anomalies and to perform code improvements when they are less expensive. However, issues and challenges faced by developers who do not apply code review practices regularly are unclear.…

Software Engineering · Computer Science 2020-08-04 Marcos Dosea , Claudio Sant'Anna , Ythanna Oliveira , Methanias Colaco Junior

Code smells are symptoms of poor design quality. Since code review is a process that also aims at improving code quality, we investigate whether and how code review influences the severity of code smells. In this study, we analyze more than…

Software Engineering · Computer Science 2019-12-24 Luca Pascarella , Davide Spadini , Fabio Palomba , Alberto Bacchelli

Context. Modern Code Review (MCR) is being adopted in both open source and commercial projects as a common practice. MCR is a widely acknowledged quality assurance practice that allows early detection of defects as well as poor coding…

Software Engineering · Computer Science 2021-10-01 Moataz Chouchen , Jefferson Olongo , Ali Ouni , Mohamed Wiem Mkaouer

The immense amounts of source code provide ample challenges and opportunities during software development. To handle the size of code bases, developers commonly search for code, e.g., when trying to find where a particular feature is…

Software Engineering · Computer Science 2022-10-06 Luca Di Grazia , Michael Pradel

Background: Research software is crucial for enabling research discoveries and supporting data analysis, simulation, and interpretation across domains. However, evolving requirements, complex inputs, and legacy dependencies hinder the…

Software Engineering · Computer Science 2025-12-16 Md Ariful Islam Malik , Jeffrey C. Carver , Nasir U. Eisty

An important goal for programmers is to minimize cost of identifying and correcting defects in source code. Code review is commonly used for identifying programming defects. However, manual code review has some shortcomings: a) it is time…

Software Engineering · Computer Science 2018-09-13 Balwinder Sodhi , Shipra Sharma

Software security requirements have been traditionally considered as a non-functional attribute of the software. However, as more software started to provide services online, existing mechanisms of using firewalls and other hardware to…

Software Engineering · Computer Science 2023-10-24 Asif Imran

Smart contracts are self-executing programs that run on blockchains (e.g., Ethereum). 680 million US dollars worth of digital assets controlled by smart contracts have been hacked or stolen due to various security vulnerabilities in 2021.…

Cryptography and Security · Computer Science 2022-04-26 Tanusree Sharma , Zhixuan Zhou , Andrew Miller , Yang Wang

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger