Less is more
Larissa Braz, Christian Aeberhard, Gül Çalıklı, Alberto Bacchelli
2022Proceedings of the 44th International Conference on Software Engineering27 citationsDOIOpen Access PDF
Abstract
Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence suggests that a significant cause may lie in the reviewers' mental attitude and common practices.
Topics & Concepts
ChecklistVulnerability (computing)Computer sciencePerspective (graphical)Focus (optics)Task (project management)Computer securityWork (physics)Code (set theory)Code reviewApplied psychologyPsychologyStatic program analysisSoftware developmentSoftwareCognitive psychologyEngineeringArtificial intelligencePhysicsMechanical engineeringSet (abstract data type)OpticsProgramming languageSystems engineeringSoftware Engineering ResearchInformation and Cyber SecurityAdvanced Malware Detection Techniques