• DocumentCode
    638290
  • Title
    Peer Code Review to Prevent Security Vulnerabilities: An Empirical Evaluation
  • Author
    Bosu, Amiangshu ; Carver, Jeffrey C.
  • Author_Institution
    Univ. of Alabama, Tuscaloosa, AL, USA
  • fYear
    2013
  • fDate
    18-20 June 2013
  • Firstpage
    229
  • Lastpage
    230
  • Abstract
    Peer code review, an effective quality improvement practice, has also been considered important for reducing security vulnerabilities. However, there is little empirical evidence to quantify and support this claim. Therefore, we propose a research plan to analyze mature open source projects and gather empirical evidence on the relationship between peer code review and security vulnerabilities. As a proof of concept, we analyzed the Chromium OS project and found that reviewers identified potential vulnerabilities in 32 review requests.
  • Keywords
    operating systems (computers); security of data; Chromium OS project; empirical evaluation; mature open source projects; peer code review; quality improvement practice; security vulnerabilities prevention; Communities; Computer bugs; Databases; Forgery; Inspection; Security; Software; code review; open source; security defects; vulnerability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Security and Reliability-Companion (SERE-C), 2013 IEEE 7th International Conference on
  • Conference_Location
    Gaithersburg, MD
  • Print_ISBN
    978-1-4799-2924-5
  • Type
    conf
  • DOI
    10.1109/SERE-C.2013.22
  • Filename
    6616350