On the Effects of Program Slicing for Vulnerability Detection during Code Inspection: Extended Abstract
[Background]: Slicing was first introduced to support debugging as a fault localization technique. Yet program slicing as support for identifying vulnerabilities during code inspection has received limited attention. [Aims]: Evaluate the effectiveness of slicing as a general concept to support code inspectors in detecting vulnerabilities in source code. [Method]: We designed a controlled experiment whose goal is to identify the vulnerable lines in original or sliced Java files from Apache Tomcat. The designed treatments differ in the pair (Vulnerability, Original/Sliced file), with a balanced design covering four vulnerabilities from the OWASP Top 10. The participants are MSc students attending security courses (n = 236). [Observations]: Using a notion of neighborhood based on the context size of the command "git diff", we observed that slicing helps in "finding something" as opposed to "finding nothing". However, once some correct lines have been found, analyzing a slice and analyzing the original file are statistically equivalent.
Thu 18 Apr (displayed time zone: Lisbon)
15:30 - 16:00
15:30 | 30m | Poster | Towards Data Augmentation for Supervised Code Translation | Posters | Binger Chen Technische Universität Berlin, Jacek golebiowski Amazon AWS, Ziawasch Abedjan Leibniz Universität Hannover
15:30 | 30m | Poster | GDPR indications in commits messages in GitHub repositories | Posters |
15:30 | 30m | Poster | Automatic Generation of Test Cases based on Bug Reports: a Feasibility Study with Large Language Models | Posters | Laura Plein University of Luxembourg, Wendkuuni Arzouma Marc Christian OUEDRAOGO University of Luxembourg, Jacques Klein University of Luxembourg, Tegawendé F. Bissyandé University of Luxembourg
15:30 | 30m | Poster | How Does Pre-trained Language Model Perform on Deep Learning Framework Bug Prediction? | Posters | Xiaoting Du Beijing University of Posts and Telecommunications, Chenglong Li Beihang University, Xiangyue Ma Beihang University, Zheng Zheng Beihang University
15:30 | 30m | Poster | xNose: A Test Smell Detector for C# | Posters | Partha Protim Paul Shahjalal University of Science & Technology, Md Tonoy Akanda Shahjalal University of Science & Technology, Mohammed Raihan Ullah Shahjalal University of Science & Technology, Dipto Mondal Shahjalal University of Science & Technology, Nazia Sultana Chowdhury Shahjalal University of Science & Technology, Fazle Mohammed Tawsif University of Southern California
15:30 | 30m | Poster | Data vs. Model Machine Learning Fairness Testing: An Empirical Study | Posters | Arumoy Shome Delft University of Technology, Luís Cruz Delft University of Technology, Arie van Deursen Delft University of Technology
15:30 | 30m | Poster | On the Effects of Program Slicing for Vulnerability Detection during Code Inspection: Extended Abstract | Posters | Aurora Papotti Vrije Universiteit Amsterdam, Fabio Massacci University of Trento; Vrije Universiteit Amsterdam, Katja Tuma Vrije Universiteit Amsterdam
15:30 | 30m | Poster | Multi-step Automated Generation of Parameter Docstrings in Python: An Exploratory Study | Posters | Vatsal Venkatkrishna Australian National University, Durga Shree Nagabushanam Australian National University, Emmanuel Iko-Ojo Simon Australian National University, Melina Vidoni Australian National University
15:30 | 30m | Poster | Lightweight Semantic Conflict Detection with Static Analysis | Posters | Galileu Santos de Jesus Federal University of Pernambuco, Paulo Borba Federal University of Pernambuco, Rodrigo Bonifácio Computer Science Department - University of Brasília, Matheus Barbosa de Oliveira Federal University of Pernambuco
15:30 | 30m | Poster | Energy Consumption of Automated Program Repair | Posters | Matias Martinez Universitat Politècnica de Catalunya (UPC), Silverio Martínez-Fernández UPC-BarcelonaTech, Xavier Franch Universitat Politècnica de Catalunya
15:30 | 30m | Poster | ReviewRanker: A Semi-Supervised Learning Based Approach for Code Review Quality Estimation | Posters | Saifullah Mahbub United International University, Md. Easin Arafat Eötvös Loránd University, Chowdhury Rafeed Rahman National University of Singapore, Zannatul Ferdows United International University, Masum Hasan University of Rochester
15:30 | 30m | Poster | LogPrompt: Prompt Engineering Towards Zero-Shot and Interpretable Log Analysis | Posters | Yilun Liu Huawei co. LTD, Shimin Tao University of Science and Technology of China; Huawei co. LTD, Weibin Meng Huawei co. LTD, Feiyu Yao Huawei co. LTD, Xiaofeng Zhao Huawei co. LTD, Hao Yang Huawei co. LTD
15:30 | 30m | Poster | High-precision Online Log Parsing with Large Language Models | Posters | XiaoLei Chen Fudan University, Jie Shi Fudan University, ChenJ , Peng Wang Fudan University, Wei Wang Fudan University
15:30 | 30m | Poster | Multi-requirement Parametric Falsification | Posters |