Litcius/Paper detail

Less is more

Larissa Braz, Christian Aeberhard, Gül Çalıklı, Alberto Bacchelli

2022Proceedings of the 44th International Conference on Software Engineering27 citationsDOIOpen Access PDF

Abstract

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence suggests that a significant cause may lie in the reviewers' mental attitude and common practices.

Topics & Concepts

ChecklistVulnerability (computing)Computer sciencePerspective (graphical)Focus (optics)Task (project management)Computer securityWork (physics)Code (set theory)Code reviewApplied psychologyPsychologyStatic program analysisSoftware developmentSoftwareCognitive psychologyEngineeringArtificial intelligencePhysicsMechanical engineeringSet (abstract data type)OpticsProgramming languageSystems engineeringSoftware Engineering ResearchInformation and Cyber SecurityAdvanced Malware Detection Techniques