Journal of Statistics Applications & Probability
An International Journal
Vol. 13, No. 2
Exploring Code Vulnerabilities through Code Reviews: An Empirical Study on OpenStack Nova

pp. 681-689
doi: 10.18576/jsap/130208
Authors: Taleb Fahmawi, Ahmad Nabot, Issam Jebreen, Ahmad Al-Qerem
Abstract
Effective code review is a critical aspect of software quality assurance, requiring a meticulous examination of code snippets to identify weaknesses and other quality issues. Unfortunately, the biggest threat to software quality is developers' disregard for code-writing standards, which leads to code smells. Despite their importance, code smells are not always identified during code review, creating a need for an empirical study to uncover vulnerabilities in code reviews. This study aimed to explore vulnerabilities in code reviews by examining the OpenStack project Nova. After analyzing 4873 review comments, we identified 187 comments related to possible vulnerabilities, and a pilot study confirmed 151 of them as vulnerabilities. Our findings revealed that injection flaws were the most prevalent vulnerability class, while insecure deserialization was the least common. Our study also identified three primary reasons for vulnerabilities: developers' knowledge of secure coding practices, unfamiliarity with existing code, and unintentional errors. In response to these vulnerabilities, reviewers suggested that developers fix the issues, and developers generally followed their recommendations. We recommend that developers receive training in secure coding practices to improve software quality, and that code review procedures include specific checks for common vulnerabilities. Additionally, it is essential to ensure that reviewers and developers communicate effectively so that vulnerabilities are addressed efficiently.
