Deep learning based vulnerability detection: Are we there yet?

S Chakraborty, R Krishna, Y Ding… - IEEE Transactions on …, 2021 - ieeexplore.ieee.org
Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …

A systematic literature review and taxonomy of modern code review

N Davila, I Nunes - Journal of Systems and Software, 2021 - Elsevier
Context: Modern Code Review (MCR) is a widely known practice of software quality
assurance. However, the existing body of knowledge of MCR is currently not understood as …

Autotransform: Automated code transformation to support modern code review process

P Thongtanunam, C Pornprasit… - Proceedings of the 44th …, 2022 - dl.acm.org
Code review is effective, but human-intensive (e.g., developers need to manually modify
source code until it is approved). Recently, prior work proposed a Neural Machine …

V-SZZ: automatic identification of version ranges affected by CVE vulnerabilities

L Bao, X Xia, AE Hassan, X Yang - Proceedings of the 44th International …, 2022 - dl.acm.org
Vulnerabilities publicly disclosed in the National Vulnerability Database (NVD) are assigned
with CVE (Common Vulnerabilities and Exposures) IDs and associated with specific …

Ccrep: Learning code change representations via pre-trained code model and query back

Z Liu, Z Tang, X Xia, X Yang - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Representing code changes as numeric feature vectors, i.e., code change representations, is
usually an essential step to automate many software engineering tasks related to code …

Modern code reviews—survey of literature and practice

D Badampudi, M Unterkalmsteiner… - ACM Transactions on …, 2023 - dl.acm.org
Background: Modern Code Review (MCR) is a lightweight alternative to traditional code
inspections. While secondary studies on MCR exist, it is unknown whether the research …

A fine-grained data set and analysis of tangling in bug fixing commits

S Herbold, A Trautsch, B Ledel… - Empirical Software …, 2022 - Springer
Context: Tangled commits are changes to software that address multiple concerns at once.
For researchers interested in bugs, tangled commits mean that they actually study not only …

Graph-based visualization of merge requests for code review

E Fregnan, J Fröhlich, D Spadini, A Bacchelli - Journal of Systems and …, 2023 - Elsevier
Code review is a software development practice aimed at assessing code quality, finding
defects, and sharing knowledge among developers. Despite its wide adoption, code review …

Pre-training code representation with semantic flow graph for effective bug localization

Y Du, Z Yu - Proceedings of the 31st ACM Joint European Software …, 2023 - dl.acm.org
Enlightened by the big success of pre-training in natural language processing, pre-trained
models for programming languages have been widely used to promote code intelligence in …

Smartcommit: a graph-based interactive assistant for activity-oriented commits

B Shen, W Zhang, C Kästner, H Zhao, Z Wei… - Proceedings of the 29th …, 2021 - dl.acm.org
In collaborative software development, it is considered to be a best practice to submit code
changes as a sequence of cohesive commits, each of which records the work result of a …