ESEC/FSE 2022
Mon 14 - Fri 18 November 2022 Singapore
Wed 16 Nov 2022 11:30 - 11:45 at SRC LT 51 - Collaboration Chair(s): Paul Marinescu

To avoid software vulnerabilities, organizations are shifting security to earlier stages of software development, such as code review time. In this paper, we aim to understand the developers' perspective on assessing software security during code review, the challenges they encounter, and the support that companies and projects provide. To this end, we conduct a two-step investigation: we interview 10 professional developers and survey 182 practitioners about software security assessment during code review. The outcome is an overview of how developers perceive software security during code review and a set of identified challenges. Our study revealed that most developers do not immediately report focusing on security issues during code review. Only after being asked about software security do developers state that they always consider it during review and acknowledge its importance. Most companies do not provide security training, yet still expect developers to ensure security during reviews. Accordingly, developers report the lack of training and security knowledge as the main challenges they face when checking for security issues. In addition, they have difficulties with third-party libraries and with identifying interactions between parts of the code that could have security implications. Moreover, security may be disregarded during reviews because of developers' assumptions about the security dynamics of the application they develop.
Preprint: https://arxiv.org/abs/2208.04261
Data and materials: https://doi.org/10.5281/zenodo.6969369

Wed 16 Nov

11:00 - 12:30
Collaboration: Industry Paper / Research Papers at SRC LT 51
Chair(s): Paul Marinescu Meta
11:00
15m
Talk
Workgraph: Personal Focus vs. Interruption for Engineers at Meta
Industry Paper
Yifen Chen Meta, Peter Rigby Concordia University; Meta, Yulin Chen Meta, Kun Jiang Meta, Nader Dehghani Meta, Qianying Huang Meta, Peter Cottle Meta, Clayton Andrews Meta, Noah Lee Meta, Nachiappan Nagappan Facebook
11:15
15m
Talk
Understanding Automated Code Review Process and Developer Experience in Industry
Industry Paper
Hyungjin Kim Samsung Research, Yonghwi Kwon Samsung Research, Sangwoo Joh Samsung Research, Hyukin Kwon Samsung Research, Yeonhee Ryou Samsung Research, Taeksu Kim Samsung Research
11:30
15m
Talk
Software Security during Modern Code Review: The Developer’s Perspective
Research Papers
Larissa Braz University of Zurich, Alberto Bacchelli University of Zurich
11:45
15m
Talk
Program Merge Conflict Resolution via Neural Transformers
Research Papers
Alexey Svyatkovskiy Microsoft, Sarah Fakhoury Washington State University, Negar Ghorbani University of California at Irvine, Todd Mytkowicz Microsoft Research, Elizabeth Dinella University of Pennsylvania, Christian Bird Microsoft Research, Jinu Jang Microsoft, Neel Sundaresan Microsoft, Shuvendu Lahiri Microsoft Research