{"id":"https://openalex.org/W2563377808","doi":"https://doi.org/10.1109/scam.2016.30","title":"A Security Perspective on Code Review: The Case of Chromium","display_name":"A Security Perspective on Code Review: The Case of Chromium","publication_year":2016,"publication_date":"2016-10-01","ids":{"openalex":"https://openalex.org/W2563377808","doi":"https://doi.org/10.1109/scam.2016.30","mag":"2563377808"},"language":"en","primary_location":{"id":"doi:10.1109/scam.2016.30","is_oa":false,"landing_page_url":"https://doi.org/10.1109/scam.2016.30","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082781388","display_name":"Marco di Biase","orcid":"https://orcid.org/0000-0002-2209-6168"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Marco di Biase","raw_affiliation_strings":["Software Improvement Group, Amsterdam, Netherlands"],"affiliations":[{"raw_affiliation_string":"Software Improvement Group, Amsterdam, Netherlands","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103139734","display_name":"Magiel Bruntink","orcid":"https://orcid.org/0000-0002-6117-6347"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Magiel Bruntink","raw_affiliation_strings":["Software Improvement Group, Amsterdam, Netherlands"],"affiliations":[{"raw_affiliation_string":"Software Improvement Group, Amsterdam, Netherlands","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082720005","display_name":"Alberto Bacchelli","orcid":"https://orcid.org/0000-0003-0193-6823"},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Alberto Bacchelli","raw_affiliation_strings":["Delft University of Technology, Delft, Netherlands"],"affiliations":[{"raw_affiliation_string":"Delft University of Technology, Delft, Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5082781388"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.5239,"has_fulltext":false,"cited_by_count":37,"citation_normalized_percentile":{"value":0.96041208,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"21","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6770314574241638},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5987216830253601},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5192984938621521},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.5071754455566406},{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.4666471481323242},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.42105820775032043},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.3822707235813141},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3819757401943207},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.3214595913887024},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.24824541807174683},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.21361884474754333},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.14488360285758972},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.10571518540382385},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.07364854216575623},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.07227364182472229}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6770314574241638},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5987216830253601},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5192984938621521},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.5071754455566406},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.4666471481323242},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.42105820775032043},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.3822707235813141},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3819757401943207},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.3214595913887024},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.24824541807174683},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.21361884474754333},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.14488360285758972},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.10571518540382385},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.07364854216575623},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.07227364182472229}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/scam.2016.30","is_oa":false,"landing_page_url":"https://doi.org/10.1109/scam.2016.30","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)","raw_type":"proceedings-article"},{"id":"pmh:oai:www.zora.uzh.ch:197770","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401281","display_name":"Zurich Open Repository and Archive (University of Zurich)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I202697423","host_organization_name":"University of Zurich","host_organization_lineage":["https://openalex.org/I202697423"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"di Biase, Marco; Bruntink, Magiel; Bacchelli, Alberto  (2016). A Security Perspective on Code Review: The Case of Chromium.  In: 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation, Raleigh, NC, USA, 2 November 2016 - 3 November 2016. IEEE, 21-30.","raw_type":"Conference or Workshop Item"},{"id":"pmh:oai:tudelft.nl:uuid:971dc100-f7f9-4f34-abef-d3ed7f02b57d","is_oa":false,"landing_page_url":"http://resolver.tudelft.nl/uuid:971dc100-f7f9-4f34-abef-d3ed7f02b57d","pdf_url":null,"source":{"id":"https://openalex.org/S4306400906","display_name":"Research Repository (Delft University of Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I98358874","host_organization_name":"Delft University of Technology","host_organization_lineage":["https://openalex.org/I98358874"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"conference paper"},{"id":"doi:10.5167/uzh-197770","is_oa":true,"landing_page_url":"https://doi.org/10.5167/uzh-197770","pdf_url":null,"source":{"id":"https://openalex.org/S7407051291","display_name":"Universit\u00e4t Z\u00fcrich, ZORA","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":""}],"best_oa_location":{"id":"pmh:oai:www.zora.uzh.ch:197770","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401281","display_name":"Zurich Open Repository and Archive (University of Zurich)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I202697423","host_organization_name":"University of Zurich","host_organization_lineage":["https://openalex.org/I202697423"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"di Biase, Marco; Bruntink, Magiel; Bacchelli, Alberto  (2016). A Security Perspective on Code Review: The Case of Chromium.  In: 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation, Raleigh, NC, USA, 2 November 2016 - 3 November 2016. IEEE, 21-30.","raw_type":"Conference or Workshop Item"},"sustainable_development_goals":[{"score":0.44999998807907104,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W125279808","https://openalex.org/W1481826112","https://openalex.org/W1628063087","https://openalex.org/W1965860954","https://openalex.org/W1997548934","https://openalex.org/W2010136639","https://openalex.org/W2019257047","https://openalex.org/W2036487649","https://openalex.org/W2042600809","https://openalex.org/W2063156085","https://openalex.org/W2075382909","https://openalex.org/W2078483536","https://openalex.org/W2091990486","https://openalex.org/W2095824036","https://openalex.org/W2107086891","https://openalex.org/W2125204770","https://openalex.org/W2127166753","https://openalex.org/W2137952932","https://openalex.org/W2140270836","https://openalex.org/W2142245496","https://openalex.org/W2144160189","https://openalex.org/W2147617769","https://openalex.org/W2148854374","https://openalex.org/W2161407365","https://openalex.org/W2169232226","https://openalex.org/W3032348063","https://openalex.org/W3158497763","https://openalex.org/W4235786747","https://openalex.org/W4246897279","https://openalex.org/W4256657178","https://openalex.org/W4389074850","https://openalex.org/W6605031466","https://openalex.org/W6628795673"],"related_works":["https://openalex.org/W2344367508","https://openalex.org/W101576598","https://openalex.org/W2904997879","https://openalex.org/W2504378244","https://openalex.org/W3081644756","https://openalex.org/W2019257047","https://openalex.org/W2097696338","https://openalex.org/W20188161","https://openalex.org/W4318539024","https://openalex.org/W4380568682"],"abstract_inverted_index":{"Modern":[0],"Code":[1],"Review":[2],"(MCR)":[3],"is":[4],"an":[5],"established":[6],"software":[7,14],"development":[8],"process":[9,57],"that":[10,19,51,182],"aims":[11],"to":[12,26,49,92,127,155,184,191],"improve":[13],"quality.":[15],"Although":[16],"evidence":[17,189],"showed":[18],"higher":[20],"levels":[21],"of":[22,35,69,112,122,145,147],"review":[23],"coverage":[24],"relates":[25],"less":[27],"post-release":[28],"bugs,":[29],"it":[30],"remains":[31],"unknown":[32],"the":[33,55,59,82,98,128,132,185],"effectiveness":[34],"MCR":[36,56,94,136],"at":[37,142,202],"specifically":[38],"finding":[39,203],"security":[40,77,99,105,113,140,204],"issues.":[41,205],"We":[42,64],"present":[43],"a":[44,143],"work":[45],"we":[46,134],"conduct":[47],"aiming":[48],"fill":[50],"gap":[52],"by":[53,79,194],"exploring":[54],"in":[58,81,95,137],"Chromium":[60,96,138,150],"open":[61],"source":[62],"project.":[63],"manually":[65],"analyzed":[66],"large":[67],"sets":[68],"registered":[70],"(114":[71],"cases)":[72,76],"and":[73,86,162,165],"missed":[74,117],"(71":[75],"issues":[78,106,114,141,158,161],"backtracking":[80],"project's":[83],"issue,":[84],"review,":[85],"code":[87,123,151,174],"histories.":[88],"This":[89],"enabled":[90],"us":[91],"qualify":[93],"from":[97,101],"perspective":[100],"several":[102],"angles:":[103],"Are":[104],"being":[107,199],"discussed":[108],"frequently?":[109],"What":[110,120],"categories":[111],"are":[115],"often":[116],"or":[118],"found?":[119],"characteristics":[121],"reviews":[124,152,175,192],"appear":[125],"relevant":[126],"discovery":[129],"rate?":[130],"Within":[131],"cases":[133],"analyzed,":[135],"addresses":[139],"rate":[144],"1%":[146],"reviewers'":[148],"comments.":[149],"mostly":[153,178],"tend":[154],"miss":[156],"language-specific":[157],"(eg":[159,168],"C++":[160],"buffer":[163],"overflows)":[164],"domain-specific":[166],"ones":[167],"such":[169],"as":[170],"Cross-Site":[171],"Scripting),":[172],"when":[173],"address":[176,180],"issues,":[177],"they":[179],"those":[181],"pertain":[183],"latter":[186],"type.":[187],"Initial":[188],"points":[190],"conducted":[193],"more":[195,200],"than":[196],"2":[197],"reviewers":[198],"successful":[201]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":8},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":3}],"updated_date":"2026-04-07T14:57:38.498316","created_date":"2025-10-10T00:00:00"}