Write a Blog >>
MSR 2022
Mon 23 - Tue 24 May 2022
co-located with ICSE 2022
Thu 19 May 2022 05:00 - 05:04 at MSR Main room - odd hours - Session 10: Security Chair(s): Triet Le

Speeding up development may produce technical debt, i.e., not-quite-right code for which the effort to make it right increases with time as a sort of interest. Developers may be aware of the debt as they admit it in their code comments. Literature reports that such a self-admitted technical debt survives for a long time in a program, but it is not yet clear its impact on the quality of the code on the long term. We argue that self-admitted technical debt contains a number of different weaknesses that may affect the security of a program. Therefore, the longer a debt is not paid back the higher is the risk that the weaknesses can be exploited. To discuss our claim and rise the developers’ awareness on the vulnerability of the self-admitted technical debt that are not paid back, we explore the self-admitted technical debt in the Chromium C-code to detect any known weaknesses. In this preliminary study, we first mine the Common Weakness Enumeration repository to define heuristics for the automatic detection and fix of weak code. Then, we parse the C-code to find self-admitted technical debt and the code block it refers to. Finally, we use the heuristics to find weak code snippets associated to self-admitted technical debt and recommend their potential mitigation to developers. Such knowledge can be used to prioritize self-admitted technical debt for repair. A prototype has been developed and applied to the Chromium code. Initial findings report that 55% of self-admitted technical debt code contains weak code of 14 different types.

Thu 19 May

Displayed time zone: Eastern Time (US & Canada) change

05:00 - 05:50
Session 10: SecurityTechnical Papers / Data and Tool Showcase Track / Registered Reports at MSR Main room - odd hours
Chair(s): Triet Le The University of Adelaide
05:00
4m
Short-paper
WeakSATD: detecting weak self-admitted technical debt
Technical Papers
Barbara Russo Free University of Bolzano, Matteo Camilli Free University of Bozen-Bolzano, Moritz Mock Free University of Bolzano
DOI Pre-print Media Attached
05:04
7m
Talk
LibDB: An Effective and Efficient Framework for Detecting Third-Party Libraries in Binaries
Technical Papers
Wei Tang Tsinghua University, Yanlin Wang Microsoft Research, Hongyu Zhang University of Newcastle, Shi Han Microsoft Research, Ping Luo Tsinghua University, Dongmei Zhang Microsoft Research
Pre-print
05:11
7m
Talk
Noisy Label Learning for Security Defects
Technical Papers
Roland Croft The University of Adelaide, Muhammad Ali Babar University of Adelaide, Huaming Chen The University of Adelaide
05:18
4m
Talk
Vul4J: A Dataset of Reproducible Java Vulnerabilities Geared Towards the Study of Program Repair TechniquesData and Tool Showcase Award
Data and Tool Showcase Track
Quang-Cuong Bui Hamburg University of Technology, Riccardo Scandariato Hamburg University of Technology, Nicolás E. Díaz Ferreyra Hamburg University of Technology
Pre-print Media Attached
05:22
4m
Talk
AndroOBFS: Time-tagged Obfuscated Android Malware Dataset with Family Information
Data and Tool Showcase Track
Saurabh Kumar Indian Institute of Technology Kanpur, Debadatta Mishra , Biswabandan Panda Indian Institute of Technology Bombay, Sandeep K. Shukla Indian Institute of Technology Kanpur
DOI Pre-print Media Attached
05:26
4m
Talk
TriggerZoo: A Dataset of Android Applications Automatically Infected with Logic Bombs
Data and Tool Showcase Track
Jordan Samhi University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached
05:30
4m
Talk
CamBench - Cryptographic API Misuse Detection Tool Benchmark Suite
Registered Reports
Michael Schlichtig Heinz Nixdorf Institute at Paderborn University, Anna-Katharina Wickert TU Darmstadt, Germany, Stefan Krüger Independent Researcher, Eric Bodden University of Paderborn; Fraunhofer IEM, Mira Mezini TU Darmstadt
Pre-print
05:34
16m
Live Q&A
Discussions and Q&A
Technical Papers


Information for Participants
Thu 19 May 2022 05:00 - 05:50 at MSR Main room - odd hours - Session 10: Security Chair(s): Triet Le
Info for room MSR Main room - odd hours:

Click here to go to the room on Midspace