Write a Blog >>
ICSE 2022
Sun 8 - Fri 27 May 2022
Tue 10 May 2022 03:10 - 03:15 at ICSE room 3-odd hours - Software Security 1 Chair(s): Liliana Pasquale
Wed 11 May 2022 12:20 - 12:25 at ICSE room 2-even hours - Software Security 8 Chair(s): Barbara Russo
Thu 26 May 2022 09:00 - 09:05 at Room 301+302 - Papers 12: Software Testing 1 Chair(s): Barbora Buhnova

Reviewing source code from a security perspective has proven to be a difficult task. Indeed, previous research has shown that developers often miss even popular and easy-to-detect vulnerabilities during code review. Initial evidence suggests that a significant cause may lie in the reviewers’ mental attitude and common practices. In this study, we investigate whether and how explicitly asking developers to focus on security during a code review affects the detection of vulnerabilities. Furthermore, we evaluate the effect of providing a security checklist to guide the security review. To this aim, we conduct an online experiment with 150 participants, of which 71% report to have three or more years of professional development experience. Our results show that simply asking reviewers to focus on security during the code review increases eight times the probability of vulnerability detection. The presence of a security checklist does not significantly improve the outcome further, even when the checklist is tailored to the change under review and the existing vulnerabilities in the change. These results provide evidence supporting the mental attitude hypothesis and call for further work on security checklists’ effectiveness and design.

Preprint (icse22.pdf)1.6MiB

Tue 10 May

Displayed time zone: Eastern Time (US & Canada) change

03:00 - 04:00
Software Security 1Journal-First Papers / Technical Track at ICSE room 3-odd hours
Chair(s): Liliana Pasquale University College Dublin & Lero
03:00
5m
Talk
Deep Learning based Vulnerability Detection: Are We There Yet?
Journal-First Papers
Saikat Chakraborty Columbia University, Rahul Krishna IBM Research, Yangruibo Ding Columbia University, Baishakhi Ray Columbia University
Link to publication DOI Media Attached
03:05
5m
Talk
ReMoS: Reducing Defect Inheritance in Transfer Learning via Relevant Model Slicing
Technical Track
Ziqi Zhang Peking University, Yuanchun Li Microsoft Research, Jindong Wang Microsoft Research, Bingyan Liu Peking University, Ding Li Peking University, Xiangqun Chen Peking University, Yao Guo Peking University, Yunxin Liu Tsinghua University
Pre-print Media Attached
03:10
5m
Talk
Less is More: Supporting Developers in Vulnerability Detection during Code Review
Technical Track
Larissa Braz University of Zurich, Christian Aeberhard University of Zurich, Gül Calikli University of Glasgow, Alberto Bacchelli University of Zurich
Link to publication DOI Pre-print Media Attached File Attached
03:15
5m
Talk
Aper: Evolution-Aware Runtime Permission Misuse Detection for Android Apps
Technical Track
Sinan Wang Southern University of Science and Technology, Yibo Wang Northeastern University, Xian Zhan The Hong Kong Polytechnic University, Ying Wang Northeastern University, China, Yepang Liu Southern University of Science and Technology, Xiapu Luo Hong Kong Polytechnic University, Shing-Chi Cheung Hong Kong University of Science and Technology
DOI Pre-print Media Attached

Wed 11 May

Displayed time zone: Eastern Time (US & Canada) change

12:00 - 13:00
12:00
5m
Talk
Omni: automated ensemble with unexpected models against adversarial evasion attack
Journal-First Papers
Rui Shu North Carolina State University, Tianpei Xia North Carolina State University, Laurie Williams North Carolina State University, Tim Menzies North Carolina State University
Link to publication DOI Media Attached
12:05
5m
Talk
What are Weak Links in the npm Supply Chain?
SEIP - Software Engineering in Practice
Nusrat Zahan North Carolina State University, Laurie Williams North Carolina State University, Thomas Zimmermann Microsoft Research, Patrice Godefroid Microsoft Research, USA, Brendan Murphy Microsoft Research, Chandra Maddila Microsoft Research
Pre-print Media Attached
12:10
5m
Talk
Rotten Apples Spoil the Bunch: An Anatomy of Google Play Malware
Technical Track
Michael Cao University of British Columbia, Khaled Ahmed University of British Columbia (UBC), Julia Rubin University of British Columbia
Pre-print Media Attached
12:15
5m
Talk
What the Fork? Finding Hidden Code Clones in npm
Technical Track
Elizabeth Wyss University of Kansas, Lorenzo De Carli Worcester Polytechnic Institute, Drew Davidson University of Kansas
DOI Pre-print Media Attached
12:20
5m
Talk
Less is More: Supporting Developers in Vulnerability Detection during Code Review
Technical Track
Larissa Braz University of Zurich, Christian Aeberhard University of Zurich, Gül Calikli University of Glasgow, Alberto Bacchelli University of Zurich
Link to publication DOI Pre-print Media Attached File Attached
12:25
5m
Talk
A Grounded Theory Based Approach to Characterize Software Attack Surfaces
Technical Track
sara moshtari Rochester Institute of Technology, Ahmet Okutan Rochester Institute of Technology, Mehdi Mirakhorli Rochester Institute of Technology
Pre-print Media Attached

Thu 26 May

Displayed time zone: Eastern Time (US & Canada) change

09:00 - 10:30
Papers 12: Software Testing 1Technical Track / NIER - New Ideas and Emerging Results / Journal-First Papers at Room 301+302
Chair(s): Barbora Buhnova Masaryk University
09:00
5m
Talk
Less is More: Supporting Developers in Vulnerability Detection during Code Review
Technical Track
Larissa Braz University of Zurich, Christian Aeberhard University of Zurich, Gül Calikli University of Glasgow, Alberto Bacchelli University of Zurich
Link to publication DOI Pre-print Media Attached File Attached
09:05
5m
Talk
A Grounded Theory Based Approach to Characterize Software Attack Surfaces
Technical Track
sara moshtari Rochester Institute of Technology, Ahmet Okutan Rochester Institute of Technology, Mehdi Mirakhorli Rochester Institute of Technology
Pre-print Media Attached
09:10
5m
Talk
SymTuner: Maximizing the Power of Symbolic Execution by Adaptively Tuning External ParametersDistinguished Paper Award
Technical Track
Sooyoung Cha Sungkyunkwan University, Myungho Lee Korea University, Seokhyun Lee Korea University, South Korea, Hakjoo Oh Korea University
Pre-print Media Attached
09:15
5m
Talk
Free Lunch for Testing: Fuzzing Deep-Learning Libraries from Open Source
Technical Track
Anjiang Wei Stanford University, Yinlin Deng University of Illinois at Urbana-Champaign, Chenyuan Yang Nanjing University, Lingming Zhang University of Illinois at Urbana-Champaign
Pre-print Media Attached
09:20
5m
Talk
Automatic Detection of Performance Bugs in Database Systems using Equivalent Queries
Technical Track
Xinyu Liu Georgia Institute of Technology, Qi Zhou Facebook, Joy Arulraj Georgia Institute of Technology, Alessandro Orso Georgia Tech
Pre-print Media Attached
09:25
5m
Talk
Preempting Flaky Tests via Non-Idempotent-Outcome Tests
Technical Track
Anjiang Wei Stanford University, Pu Yi Peking University, Zhengxi Li University of Illinois Urbana-Champaign, Tao Xie Peking University, Darko Marinov University of Illinois at Urbana-Champaign, Wing Lam University of Illinois at Urbana-Champaign
Pre-print Media Attached
09:30
5m
Talk
A Family of Experiments on Test-Driven Development
Journal-First Papers
Adrian Santos Parrilla University of Oulu, Sira Vegas Universidad Politecnica de Madrid, Oscar Dieste Universidad Politécnica de Madrid, Fernando Uyaguari ETAPA Telecommunications Company, Ayse Tosun Istanbul Technical University, Davide Fucci Blekinge Institute of Technology, Burak Turhan University of Oulu, Giuseppe Scanniello University of Basilicata, Simone Romano University of Bari, Itir Karac University of Oulu, Marco Kuhrmann Reutlingen University, Vladimir Mandić Faculty of Technical Sciences, University of Novi Sad, Robert Ramač Faculty of Technical Sciences, University of Novi Sad, Dietmar Pfahl University of Tartu, Christian Engblom Ericsson, Jarno Kyykka Ericsson, Kerli Rungi Testlio, Carolina Palomeque ETAPA Telecommunications Company, Jaroslav Spisak PAF, Markku Oivo University of Oulu, Natalia Juristo Universidad Politecnica de Madrid
Link to publication DOI Pre-print Media Attached
09:35
5m
Talk
Towards Property-Based Tests in Natural Language
NIER - New Ideas and Emerging Results
Colin Gordon Drexel University
Pre-print Media Attached
09:40
5m
Talk
Automated Testing of Software that Uses Machine Learning APIs
Technical Track
Chengcheng Wan The University of Chicago, Shicheng Liu University of Chicago, Sophie Xie Whitney Young High School, Yifan Liu University of Chicago, Henry Hoffmann University of Chicago, Michael Maire University of Chicago, Shan Lu University of Chicago
Pre-print Media Attached
Hide past events

Information for Participants
Tue 10 May 2022 03:00 - 04:00 at ICSE room 3-odd hours - Software Security 1 Chair(s): Liliana Pasquale
Info for room ICSE room 3-odd hours:

Click here to go to the room on Midspace

Wed 11 May 2022 12:00 - 13:00 at ICSE room 2-even hours - Software Security 8 Chair(s): Barbara Russo
Info for room ICSE room 2-even hours:

Click here to go to the room on Midspace