Tue 11 Oct 2022 15:30 - 16:00 at Ballroom A - Poster Session

During code reviews, software developers often raise security concerns when they find any. Ignoring such concerns can severely affect the performance of a software product. This risk can be reduced by automatically identifying the code reviews that trigger security concerns, so that security experts can give them additional scrutiny. The objective of this study is therefore to develop an automated tool that identifies code reviews that trigger security concerns.

With this goal, I developed an approach named ASTOR, in which I combine two separate deep learning-based classifiers, (i) one using code review comments and (ii) one using the corresponding code context, into an ensemble using Logistic Regression. Based on stratified ten-fold cross-validation, the best ensemble model achieves an F1-score of 79.7% with an accuracy of 88.4% in automatically identifying code reviews that raise security concerns.

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada)

15:30 - 16:00

15:30, 30m, Poster
ASTOR: An Approach to Identify Security Code Reviews
Student Research Competition
Rajshakhar Paul Wayne State University

15:30, 30m, Poster
‘Who built this crap?’ Developing a Software Engineering Domain Specific Toxicity Detector
Student Research Competition
Jaydeb Sarker Department of Computer Science, Wayne State University
Pre-print

15:30, 30m, Poster
Automatically Fixing Breaking Changes of Data Science Libraries
Student Research Competition
Hailie Mitchell Carnegie Mellon University

15:30, 30m, Poster
Execution Path Detection through Dynamic Analysis in Black-Box Testing Environments
Student Research Competition
Frank Whitworth Wake Forest University

15:30, 30m, Poster
Automatic Software Timing Attack Evaluation & Mitigation on Clear Hardware Assumption
Student Research Competition
Prabuddha Chakraborty University of Florida

15:30, 30m, Poster
Automatically Tagging the “AAA” Pattern in Unit Test Cases Using Machine Learning Models
Student Research Competition
Chenhao Wei Stevens Institute of Technology, Lu Xiao Stevens Institute of Technology, Tingting Yu University of Cincinnati, Xinyu Chen HSBC Software Development (Guangdong) Limited, Xiao Wang Stevens Institute of Technology, Sunny Wong Envestnet, Abigail Clune AGI

15:30, 30m, Poster
A Unified Specification Mining Framework for Smart Contracts
Student Research Competition
Ye Liu Nanyang Technological University

15:30, 30m, Poster
Identifying Sexism and Misogyny in Pull Request Comments
Student Research Competition
Sayma Sultana Wayne State University

15:30, 30m, Poster
Detecting Inconsistencies in If-Condition-Raise Statements
Student Research Competition
Islem BOUZENIA Software Lab, University of Stuttgart

15:30, 30m, Poster
Software Evolution Management with Differential Facts
Student Research Competition
Xiuheng Wu Nanyang Technological University, Singapore

15:30, 30m, Poster
RESTCluster: Automated Crash Clustering for RESTful API
Student Research Competition
Yi Liu Nanyang Technological University