Round Table: Contemporary Code Review Practices: Characteristics and Benefits
The College of IS&T Round Table Presents:
Ph.D. Candidate in the Department of Computer Science & Engineering
University of Alabama
Contemporary Code Review Practices: Characteristics and Benefits
Friday, March 13, 2015
12:00 p.m. – 1:00 p.m.
Lunch will be provided at 11:30 a.m.
Peer code review is the process of analyzing code written by a teammate to judge whether it is of sufficient quality to be integrated into the main project codebase. Both Open Source Software (OSS) and commercial software projects have rapidly adopted contemporary peer code review practices as a quality control gateway. Developers spend 10% to 15% of their time performing code reviews. Therefore, increasing the effectiveness of code review practices is beneficial for ensuring developers' time is spent wisely. Code reviews not only improve the quality of software code but also have other benefits (e.g., impression formation, knowledge sharing, and raising team awareness).
This talk will discuss the impact of code reviews and how to improve code review effectiveness. After introducing the objectives and the overall framework for my research, I will focus in on two specific studies. First, I will describe my study of eight OSS projects where we found that more experienced developers get their code accepted more quickly and more often. Then, I will talk about the usefulness of code reviews in preventing security vulnerabilities, and the characteristics of the vulnerable code changes that are identified during code reviews. In a study of 10 popular OSS projects, we found that most of the security vulnerabilities are introduced by the most experienced contributors. However, less experienced contributors are between 2 and 24 times more likely to introduce vulnerabilities. I will conclude this talk by drawing some conclusions from all of my studies and discussing future directions for my work.
Amiangshu Bosu is a Ph.D. candidate in the Department of Computer Science and Engineering at the University of Alabama. He obtained his M.S. degree in Computer Science from the same department in 2012. He completed his Bachelor’s in Computer Science and Engineering from Bangladesh University of Engineering and Technology in 2006. His dissertation work focuses on improving the effectiveness of contemporary peer code review practices. His research interests include peer code review, empirical software engineering, software security, social software engineering, human factors, cybersecurity, mining software repositories, machine learning, and social network analysis. He was selected as the outstanding graduate researcher of Computer Science at the University of Alabama in 2014. He was a summer intern for the Empirical Software Engineering group at Microsoft Research during 2014. He is a member of ACM and IEEE.