Improving the Effectiveness of Peer Code Review in Identifying Security Defects
Wed 25 Aug 2021 05:50 - 06:15 - Doctoral Symposium: Slot 3
Prior studies found peer code review useful in identifying security defects. That is why most commercial and open-source software (OSS) projects have embraced peer code review and mandated its use in the software development life cycle. However, despite conducting mandatory peer code review, many security-critical OSS projects such as Chromium, Mozilla, and Qt continue to report a high number of post-release vulnerabilities to the Common Vulnerabilities and Exposures (CVE) database. Practitioners may wonder whether there is a missing piece in the puzzle that leads code reviews to miss those security defects. Therefore, the primary objective of this dissertation study is to improve the effectiveness of peer code review in identifying security defects.
To meet this goal, I plan to empirically investigate: (i) why security defects escape code reviews, (ii) what challenges developers face in conducting effective security code reviews, (iii) how to build an effective security code review strategy, and (iv) how to make effective use of security experts during code reviews.
Tue 24 Aug (displayed time zone: Athens)

Session: 16:00 - 19:05

| Time | Duration | Type | Title | Presenter | Affiliation |
|---|---|---|---|---|---|
| 16:00 | 45m | Keynote | Keynote (Sarah Nadi) | Sarah Nadi | University of Alberta |
| 16:45 | 15m | Break | Break | | |
| 17:00 | 25m | Paper | Lightweight Verification via Specialized Typecheckers | Martin Kellogg | University of Washington |
| 17:25 | 25m | Paper | Multi-location Cryptographic Code Repair with Neural-Network-Based Methodologies | Ya Xiao | Virginia Tech |
| 17:50 | 25m | Paper | Improving the Effectiveness of Peer Code Review in Identifying Security Defects | Rajshakhar Paul | Wayne State University |
| 18:15 | 25m | Paper | Reducing Cost in Continuous Integration with a Collection of Build Selection Approaches | Xianhao Jin | Virginia Tech |
| 18:40 | 25m | Paper | A Live Environment for Inspection and Refactoring of Software Systems | Sara Fernandes | University of Porto; INESC-ID |

All entries belong to the Doctoral Symposium track.
Wed 25 Aug (displayed time zone: Athens)

Session: 04:00 - 07:05

| Time | Duration | Type | Title | Presenter | Affiliation |
|---|---|---|---|---|---|
| 04:00 | 45m | Keynote | Keynote (Sarah Nadi) | Sarah Nadi | University of Alberta |
| 04:45 | 15m | Break | Break | | |
| 05:00 | 25m | Paper | Lightweight Verification via Specialized Typecheckers | Martin Kellogg | University of Washington |
| 05:25 | 25m | Paper | Multi-location Cryptographic Code Repair with Neural-Network-Based Methodologies | Ya Xiao | Virginia Tech |
| 05:50 | 25m | Paper | Improving the Effectiveness of Peer Code Review in Identifying Security Defects | Rajshakhar Paul | Wayne State University |
| 06:15 | 25m | Paper | Reducing Cost in Continuous Integration with a Collection of Build Selection Approaches | Xianhao Jin | Virginia Tech |
| 06:40 | 25m | Paper | A Live Environment for Inspection and Refactoring of Software Systems | Sara Fernandes | University of Porto; INESC-ID |

All entries belong to the Doctoral Symposium track.