English
Related papers

Related papers: Where do developers admit their security-related c…

200 papers

Security issue reports are the primary means of informing development teams of security risks in projects, but little is known about current practices. We aim to understand the characteristics of these reports in open-source projects and…

Cryptography and Security · Computer Science 2021-12-21 Noah Bühlmann , Mohammad Ghafari

To avoid software vulnerabilities, organizations are shifting security to earlier stages of the software development, such as at code review time. In this paper, we aim to understand the developers' perspective on assessing software…

Software Engineering · Computer Science 2022-08-09 Larissa Braz , Alberto Bacchelli

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Code comments are important for program comprehension, development, and maintenance tasks. Given the varying standards for code comments, and their unstructured or semi-structured nature, developers get easily confused (especially novice…

Software Engineering · Computer Science 2023-04-26 Pooja Rani , Mathias Birrer , Sebastiano Panichella , Mohammad Ghafari , Oscar Nierstrasz

A concern can be characterized as a developer's intent behind a piece of code, often not explicitly captured in it. We discuss a technique of recording concerns using source code annotations (concern annotations). Using two studies and two…

Software Engineering · Computer Science 2018-08-13 Matúš Sulír , Milan Nosáľ , Jaroslav Porubän

Perhaps the most widely used form of code documentation is function header comments. We performed a large-scale survey of 367 developers to catalog their expectations from such documentation and to chronicle actual practice. Paradoxically,…

Software Engineering · Computer Science 2024-01-17 Arthur Oxenhorn , Almog Mor , Uri Stern , Dror G. Feitelson

Open-source projects are essential to software development, but publicly disclosing vulnerabilities without fixes increases the risk of exploitation. The Open Source Security Foundation (OpenSSF) addresses this issue by promoting robust…

During software development, balancing security and non security issues is challenging. We focus on security awareness and approaches taken by non-security experts using software development issue trackers when considering security. We…

Software Engineering · Computer Science 2023-08-28 Léon McGregor , Manuel Maarek , Hans-Wolfgang Loidl

The availability of open-source projects facilitates developers to contribute and collaborate on a wide range of projects. As a result, the developer community contributing to such open-source projects is also increasing. Many of the…

Software Engineering · Computer Science 2021-03-02 Akhila Sri Manasa Venigalla , Sridhar Chimalakonda

Version control systems for source code, such as Git, are key tools in modern software development environments. Many developers use online services, such as GitHub or GitLab, for collaborative software development. While software projects…

Cryptography and Security · Computer Science 2022-11-15 Alexander Krause , Jan H. Klemmer , Nicolas Huaman , Dominik Wermke , Yasemin Acar , Sascha Fahl

GitHub recommends that projects adopt a security file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the…

Software Engineering · Computer Science 2025-10-17 Rintaro Kanaji , Brittany Reid , Yutaro Kashiwa , Raula Gaikovina Kula , Hajimu Iida

To build secure software, developers often work together during software development and maintenance to find, fix, and prevent security vulnerabilities. Examining the nature of developer interactions during their security activities…

Software Engineering · Computer Science 2019-07-30 Song Wang , Nachi Nagappan

Does the act of writing a specification (how the code should behave) for a piece of security sensitive code lead to developers producing more secure code? We asked 138 developers to write a snippet of code to store a password: Half of them…

Cryptography and Security · Computer Science 2021-02-22 Joseph Hallett , Nikhil Patnaik , Benjamin Shreeve , Awais Rashid

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence…

Software Engineering · Computer Science 2022-02-15 Larissa Braz , Christian Aeberhard , Gül Çalikli , Alberto Bacchelli

Open-source code development has become widespread in recent years. As a result, open-source software platforms have also become popular, and millions of developers from diverse locations are able to contribute to the same projects. On…

Software Engineering · Computer Science 2021-01-22 Abdulkadir Şeker , Banu Diri , Halil Arslan

One of the main challenges that developers face when testing their systems lies in engineering test cases that are good enough to reveal bugs. And while our body of knowledge on software testing and automated test case generation is already…

Software Engineering · Computer Science 2021-11-09 Maurício Aniche , Christoph Treude , Andy Zaidman

We surveyed 97 developers who had used cryptography in open-source projects, in the hope of identifying developer security and cryptography practices. We asked them about individual and company-level practices, and divided respondents into…

Cryptography and Security · Computer Science 2021-10-01 Mohammadreza Hazhirpasand , Oscar Nierstrasz , Mohammad Ghafari

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration…

Software Engineering · Computer Science 2021-11-29 Roland Croft , Yongzheng Xie , Mansooreh Zahedi , M. Ali Babar , Christoph Treude

Understanding the practice of refactoring documentation is of paramount importance in academia and industry. Issue tracking systems are used by most software projects enabling developers, quality assurance, managers, and users to submit…

Software Engineering · Computer Science 2022-03-22 Eman Abdullah AlOmar , Anthony Peruma , Mohamed Wiem Mkaouer , Christian D. Newman , Ali Ouni

A central function of code review is to increase understanding; helping reviewers understand a code change aids in knowledge transfer and finding bugs. Comments in code largely serve a similar purpose, helping future readers understand the…

Software Engineering · Computer Science 2022-04-04 Nikitha Rao , Jason Tsay , Martin Hirzel , Vincent J. Hellendoorn
‹ Prev 1 2 3 10 Next ›