Peer Code Review to Prevent Security Vulnerabilities: An Empirical Evaluation | IEEE Conference Publication | IEEE Xplore

Abstract:

Peer code review, as an effective quality improvement practice, has also been considered important for reducing security vulnerabilities. There is a lack of empirical evidence to quantify and support this claim. Therefore, we propose a research plan to analyze mature open source projects to gather empirical evidence regarding the relationship between peer code review and security vulnerabilities. As a proof-of-concept, we analyzed the Chromium OS project and found that reviewers identified potential vulnerabilities in 32 review requests.
Date of Conference: 18-20 June 2013
Date Added to IEEE Xplore: 03 October 2013
Conference Location: Gaithersburg, MD, USA

I. Introduction

Software inspections, in which developers subject their code to review by peers or other stakeholders to identify defects, are an effective quality improvement practice [1]. Specifically in the security context, McGraw suggests that peer code review is an important practice for detecting and correcting security bugs [2]. For example, expert reviewers can identify code that contains potential security vulnerabilities and help the author eliminate the security flaws or abandon the vulnerable code. Moreover, peer code review can identify attempts to insert malicious code into the codebase. According to McGraw, the longer it takes to detect and fix a security vulnerability, the higher the overall cost associated with that vulnerability [3]. Therefore, peer code review can reduce the cost of creating secure software by helping developers eliminate security defects earlier, when fixing them is less expensive.

References

References are not available for this document.