Raising awareness in the industry on secure code review practices

Bibliographic details
Lead author: Iosif, A.-C.
Publication date: 2023
Other authors: Gasiba, T. E., Lechner, U., Pinto-Albuquerque, M.
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/10071/29455
Abstract: As products and services become increasingly digital and software increasingly complex, every part of an industrial software development lifecycle must contribute to quality. Code review serves as a means to address software quality and fosters knowledge exchange across teams. Nonetheless, code review practices require resources, often more than planned, while their benefit to code quality is less tangible. In our work, we address the effectiveness and efficiency of code review practices and develop an understanding of what constitutes a good and valuable code review practice as part of a software development lifecycle. Our focus is code reviews meant to identify and address security weaknesses in an industrial context. This work presents a design study on how to structure a workshop on code review. We conducted and evaluated three workshops with 37 industrial software developers. Our findings reveal that presenting constructive code review practices can raise awareness of secure coding and software lifecycle practices among software development professionals, which contributes to the quality and, in particular, the security of software.
Keywords: Code review; Cybersecurity; Compliance; Development lifecycle; Quality; Standards
Publisher: IARIA
Document type: conference object (published version)
Format: application/pdf
ISBN: 978-1-68558-113-8
ISSN: 2519-8599
Access rights: open access
Deposited: 2023-10-18
Record id: RCAP_8d67e16d474f4b0dafff3f188c27fd97
OAI identifier: oai:repositorio.iscte-iul.pt:10071/29455
Repository: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP), FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia (https://opendoar.ac.uk/repository/7160)