Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
The Role of expertise on code review for security: an eye tracking study
Download
index.pdf
Date
2019
Author
Kaplan, Utku
Metadata
Show full item record
Item Usage Stats
271
views
110
downloads
Cite This
To improve the quality of the software and find security vulnerabilities, code review is usually performed during software development activities. The experience of software developers reviewing the code may affect the quality of the code review. This study investigates whether differences between novices and experts in the detection of vulnerabilities in the code can be identified by eye tracking. Participants’ eye movements were recorded by an eye tracker while they investigated program codes for security review. The experiment was carried out with 20 programmer participants. The results showed that eye tracking can be used to identify the differences between the code review of novices and experts.
Subject Keywords
Source code (Computer science).
,
Software protection.
,
Computer security.
,
Data protection.
,
Eye tracking.
URI
http://etd.lib.metu.edu.tr/upload/12623031/index.pdf
https://hdl.handle.net/11511/27989
Collections
Graduate School of Informatics, Thesis
Suggestions
OpenMETU
Core
Virtual penetration testing with phase based vulnerability analysis
Çalışkan, Emre; Baykal, Nazife; Department of Information Systems (2015)
Vulnerability scanning, penetration testing, and manual auditing are ways of finding vulnerabilities in organizations. However, they have some limitations like time, accuracy, testers’ ability, etc. Virtual penetration testing aims to alleviate these limitations. By virtual penetration testing, it is intended to assess security controls corresponding to the vulnerabilities found by vulnerability scanning, and correlating assessment result with vulnerabilities. Consequently, correlation will enable to find e...
A method for product defectiveness prediction by using process enactment data in a small software organization
Sivrioğlu, Damla; Demirörs, Onur; Tarhan, Ayça; Department of Information Systems (2012)
As a part of the quality management, product defectiveness prediction is vital for small software organizations as for instutional ones. Although for defect prediction there have been conducted a lot of studies, process enactment data cannot be used because of the difficulty of collection. Additionally, there is no proposed approach known in general for the analysis of process enactment data in software engineering. In this study, we developed a method to show the applicability of process enactment data for...
Increasing trustworthiness of security critical applications using trusted computing
Uzunay, Yusuf; Baykal, Nazife; Bıçakcı, Kemal; Department of Information Systems (2014)
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform...
An Analytical Security Model for Existing Software Systems
Isazadeh, Ayaz; Elgedawy, Islam; Karimpour, Jaber; Izadkhah, Habib (2014-03-01)
Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. There are many software systems have not considered security in their design; this makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects final quality of software. Quality attributes such as efficiency and reliability have been studied at software architecture level; however, no report has ever been provided about the effect of...
A survey of software testing practices in Canada
Garousi, Vahid; Zhi, Junji (2013-05-01)
Software testing is an important activity in the software development life-cycle. In an earlier study in 2009, we reported the results of a regional survey of software testing practices among practitioners in the Canadian province of Alberta. To get a larger nationwide view on this topic (across Canada), we conducted a newer survey with a revised list of questions in 2010. Compared to our previous Alberta-wide survey (53 software practitioners), the nation-wide survey had larger number of participants (246 ...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
U. Kaplan, “The Role of expertise on code review for security: an eye tracking study,” M.S. - Master of Science, Middle East Technical University, 2019.