The Role of expertise on code review for security: an eye tracking study

2019
Kaplan, Utku
To improve the quality of software and find security vulnerabilities, code review is usually performed during software development activities. The experience of the software developers reviewing the code may affect the quality of the code review. This study investigates whether differences between novices and experts in the detection of vulnerabilities in code can be identified by eye tracking. Participants' eye movements were recorded by an eye tracker while they examined program code for security review. The experiment was carried out with 20 participants who were programmers. The results showed that eye tracking can be used to identify the differences between the code reviews of novices and experts.

Suggestions

A method for product defectiveness prediction by using process enactment data in a small software organization
Sivrioğlu, Damla; Demirörs, Onur; Tarhan, Ayça; Department of Information Systems (2012)
As a part of quality management, product defectiveness prediction is as vital for small software organizations as it is for institutional ones. Although many studies have been conducted on defect prediction, process enactment data cannot be used because of the difficulty of collection. Additionally, there is no generally known approach for the analysis of process enactment data in software engineering. In this study, we developed a method to show the applicability of process enactment data for...
Virtual penetration testing with phase based vulnerability analysis
Çalışkan, Emre; Baykal, Nazife; Department of Information Systems (2015)
Vulnerability scanning, penetration testing, and manual auditing are ways of finding vulnerabilities in organizations. However, they have some limitations, such as time, accuracy, testers' ability, etc. Virtual penetration testing aims to alleviate these limitations. Virtual penetration testing is intended to assess the security controls corresponding to the vulnerabilities found by vulnerability scanning, and to correlate the assessment results with the vulnerabilities. Consequently, correlation will enable to find e...
A survey of software testing practices in Canada
Garousi, Vahid; Zhi, Junji (2013-05-01)
Software testing is an important activity in the software development life-cycle. In an earlier study in 2009, we reported the results of a regional survey of software testing practices among practitioners in the Canadian province of Alberta. To get a larger nationwide view on this topic (across Canada), we conducted a newer survey with a revised list of questions in 2010. Compared to our previous Alberta-wide survey (53 software practitioners), the nation-wide survey had a larger number of participants (246 ...
Increasing trustworthiness of security critical applications using trusted computing
Uzunay, Yusuf; Baykal, Nazife; Bıçakcı, Kemal; Department of Information Systems (2014)
In this thesis work, we aim to increase the trustworthiness of security-critical applications by utilizing trusted computing technologies. We focus on two case applications: authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems, which store users' sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle, a trusted platform...
An Analytical Security Model for Existing Software Systems
Isazadeh, Ayaz; Elgedawy, Islam; Karimpour, Jaber; Izadkhah, Habib (2014-03-01)
Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. Many software systems have not considered security in their design; this makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects the final quality of software. Quality attributes such as efficiency and reliability have been studied at the software architecture level; however, no report has ever been provided about the effect of...
Citation Formats
U. Kaplan, “The Role of expertise on code review for security: an eye tracking study,” M.S. - Master of Science, Middle East Technical University, 2019.