Deep learning based vulnerability detection: Are we there yet?
Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …
A systematic literature review and taxonomy of modern code review
Abstract Context: Modern Code Review (MCR) is a widely known practice of software quality
assurance. However, the existing body of knowledge of MCR is currently not understood as …
Autotransform: Automated code transformation to support modern code review process
P Thongtanunam, C Pornprasit… - Proceedings of the 44th …, 2022 - dl.acm.org
Code review is effective, but human-intensive (e.g., developers need to manually modify
source code until it is approved). Recently, prior work proposed a Neural Machine …
V-SZZ: automatic identification of version ranges affected by CVE vulnerabilities
Vulnerabilities publicly disclosed in the National Vulnerability Database (NVD) are assigned
with CVE (Common Vulnerabilities and Exposures) IDs and associated with specific …
Ccrep: Learning code change representations via pre-trained code model and query back
Representing code changes as numeric feature vectors, i.e., code change representations, is
usually an essential step to automate many software engineering tasks related to code …
Modern code reviews—survey of literature and practice
D Badampudi, M Unterkalmsteiner… - ACM Transactions on …, 2023 - dl.acm.org
Background: Modern Code Review (MCR) is a lightweight alternative to traditional code
inspections. While secondary studies on MCR exist, it is unknown whether the research …
A fine-grained data set and analysis of tangling in bug fixing commits
Context Tangled commits are changes to software that address multiple concerns at once.
For researchers interested in bugs, tangled commits mean that they actually study not only …
Graph-based visualization of merge requests for code review
Code review is a software development practice aimed at assessing code quality, finding
defects, and sharing knowledge among developers. Despite its wide adoption, code review …
Pre-training code representation with semantic flow graph for effective bug localization
Enlightened by the big success of pre-training in natural language processing, pre-trained
models for programming languages have been widely used to promote code intelligence in …
Smartcommit: a graph-based interactive assistant for activity-oriented commits
In collaborative software development, it is considered to be a best practice to submit code
changes as a sequence of cohesive commits, each of which records the work result of a …