{"id":"https://openalex.org/W4286560733","doi":"https://doi.org/10.3233/jcs-210098","title":"Towards verifiable web-based code review systems","display_name":"Towards verifiable web-based code review systems","publication_year":2022,"publication_date":"2022-07-22","ids":{"openalex":"https://openalex.org/W4286560733","doi":"https://doi.org/10.3233/jcs-210098"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-210098","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-210098","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015664022","display_name":"Hammad Afzali","orcid":null},"institutions":[{"id":"https://openalex.org/I118118575","display_name":"New Jersey Institute of Technology","ror":"https://ror.org/05e74xb87","country_code":"US","type":"education","lineage":["https://openalex.org/I118118575"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hammad Afzali","raw_affiliation_strings":["Department of Computer Science, New Jersey Institute of Technology, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, New Jersey Institute of Technology, NJ, USA","institution_ids":["https://openalex.org/I118118575"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025546105","display_name":"Santiago Torres-Arias","orcid":"https://orcid.org/0000-0002-9283-3557"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Santiago Torres-Arias","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Purdue University, IN, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Purdue University, IN, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076193507","display_name":"Reza Curtmola","orcid":"https://orcid.org/0000-0002-7586-0932"},"institutions":[{"id":"https://openalex.org/I118118575","display_name":"New Jersey Institute of Technology","ror":"https://ror.org/05e74xb87","country_code":"US","type":"education","lineage":["https://openalex.org/I118118575"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Reza Curtmola","raw_affiliation_strings":["Department of Computer Science, New Jersey Institute of Technology, NJ, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, New Jersey Institute of Technology, NJ, USA","institution_ids":["https://openalex.org/I118118575"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5030900037","display_name":"Justin Cappos","orcid":"https://orcid.org/0000-0003-1926-8544"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Justin Cappos","raw_affiliation_strings":["Tandon School of Engineering, New York University, NY, USA"],"affiliations":[{"raw_affiliation_string":"Tandon School of Engineering, New York University, NY, USA","institution_ids":["https://openalex.org/I57206974"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5076193507"],"corresponding_institution_ids":["https://openalex.org/I118118575"],"apc_list":null,"apc_paid":null,"fwci":0.1379,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.53582485,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":"31","issue":"2","first_page":"153","last_page":"184"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.820525050163269},{"id":"https://openalex.org/keywords/code-review","display_name":"Code review","score":0.6423108577728271},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6094258427619934},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6039333939552307},{"id":"https://openalex.org/keywords/verifiable-secret-sharing","display_name":"Verifiable secret sharing","score":0.5920042991638184},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5293310880661011},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.4891686737537384},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.4462684690952301},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.3731880187988281},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.3512747883796692},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.33764785528182983},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.21423640847206116},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.20486727356910706},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1785700023174286}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.820525050163269},{"id":"https://openalex.org/C150292731","wikidata":"https://www.wikidata.org/wiki/Q1342704","display_name":"Code review","level":5,"score":0.6423108577728271},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6094258427619934},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6039333939552307},{"id":"https://openalex.org/C85847156","wikidata":"https://www.wikidata.org/wiki/Q59015987","display_name":"Verifiable secret sharing","level":3,"score":0.5920042991638184},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5293310880661011},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.4891686737537384},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4462684690952301},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.3731880187988281},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.3512747883796692},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.33764785528182983},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.21423640847206116},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.20486727356910706},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1785700023174286}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.3233/jcs-210098","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-210098","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.6000000238418579,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W1986222079","https://openalex.org/W2015696622","https://openalex.org/W2575922489","https://openalex.org/W2803419445","https://openalex.org/W2805110658","https://openalex.org/W2808429234","https://openalex.org/W2809645923","https://openalex.org/W2899099075","https://openalex.org/W2899274966","https://openalex.org/W2901363067","https://openalex.org/W3011558368","https://openalex.org/W3015371013"],"related_works":["https://openalex.org/W2969257295","https://openalex.org/W2904997879","https://openalex.org/W2206096527","https://openalex.org/W1997548934","https://openalex.org/W3088818900","https://openalex.org/W2097696338","https://openalex.org/W4231404931","https://openalex.org/W2953870164","https://openalex.org/W4255790880","https://openalex.org/W1974908123"],"abstract_inverted_index":{"Although":[0],"code":[1,18,31,40,63,87,106,130,139,148],"review":[2,19,32,41,88,107,131,140,149,154],"is":[3,14,174],"an":[4],"essential":[5],"step":[6],"for":[7,84,164],"ensuring":[8],"the":[9,27,30,39,82,86,105,135,138,147,152,178,186,201],"quality":[10],"of":[11,29,98,127,137,200],"software,":[12],"it":[13],"surprising":[15],"that":[16,121,146,172,185],"current":[17],"systems":[20],"do":[21],"not":[22],"have":[23,53],"mechanisms":[24],"to":[25,46,64,69,103,114,133],"protect":[26],"integrity":[28,136],"process.":[33,89,108],"We":[34,109,156],"uncover":[35],"multiple":[36],"attacks":[37],"against":[38],"infrastructure":[42],"which":[43],"are":[44],"easy":[45],"execute,":[47],"stealthy":[48],"in":[49,77,176],"nature,":[50],"and":[51,67,142,166],"can":[52,122],"a":[54,96,118,128,160,191],"significant":[55],"impact,":[56],"such":[57],"as":[58,159],"allowing":[59],"malicious":[60],"or":[61],"buggy":[62],"be":[65,123],"merged":[66],"propagated":[68],"future":[70],"releases.":[71],"To":[72],"improve":[73],"this":[74,78,91],"status":[75],"quo,":[76],"work":[79],"we":[80,93],"lay":[81],"foundations":[83],"securing":[85],"Towards":[90],"end,":[92],"first":[94],"identify":[95],"set":[97],"key":[99],"design":[100],"principles":[101,113],"necessary":[102],"secure":[104],"then":[110],"use":[111],"these":[112],"propose":[115],"SecureReview":[116,158,173,187],",":[117],"security":[119,169],"mechanism":[120],"applied":[124],"on":[125],"top":[126],"Git-based":[129],"system":[132],"ensure":[134],"process":[141,150],"provide":[143],"verifiable":[144],"guarantees":[145],"followed":[151],"intended":[153],"policy.":[155],"implement":[157],"Chrome":[161],"browser":[162],"extension":[163],"GitHub":[165],"Gerrit.":[167],"Our":[168],"analysis":[170],"shows":[171,184],"effective":[175],"mitigating":[177],"aforementioned":[179],"attacks.":[180],"An":[181],"experimental":[182],"evaluation":[183],"implementation":[188],"only":[189],"adds":[190],"slight":[192],"storage":[193],"overhead":[194],"(":[195],"i.e.,":[196],"less":[197],"than":[198],"0.0006":[199],"repository":[202],"size).":[203]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-14T08:43:22.919905","created_date":"2025-10-10T00:00:00"}