2020
DOI: 10.1109/tse.2020.3005995

How Does Refactoring Impact Security When Improving Quality? A Security-Aware Refactoring Approach

Cited by 23 publications
(21 citation statements)
References 35 publications
“…Rather than introducing refactorings specific to security, the authors propose a combination of existing refactorings to address the issue. Abid et al [2] propose a similar technique, studying the impact of different refactorings on a number of static security metrics. However, these papers do not consider security issues such as side-channel attacks, or ladderisation as a technique to eliminate the vulnerability.…”
Section: Related Work (mentioning)
confidence: 99%
“…Takeaways. With recent works exploring the inducing effects of refactoring actions on software maintenance tasks such as bug fixes, Pull Request acceptance and security-aspects [13,15,17,20,31,32], we take a reverse approach to explore further how refactoring is used to help in vulnerability fixes. Our key takeaway message as highlighted in RQ1, is that developers do incorporate refactoring (i.e., 31.9%) operations when applying a vulnerability fix in practice.…”
Section: Implications and Future Plans (mentioning)
confidence: 99%
“…The urgency to respond and fix vulnerabilities has been further amplified with the recent advisories of highly severe security flaws in the third-party libraries such as Log4Shell, affecting thousands of software applications that use the Maven Log4J library. 1 Prior work revealed that maintenance activities such as refactoring actions (aka operations) correlate with security-related aspects of code [13,35]. For instance, Abid et al [13] found correlations between refactoring operations and security-related aspects such as data-access security vulnerability metrics.…”
Section: Introduction (mentioning)
confidence: 99%
“…Due to its importance, the literature presents several studies exploring refactoring-related problems. For instance, there are studies on motivations to perform refactoring operations [6], [12]- [14], challenges and benefits [15], [16], the impact on software quality [17]- [20], security [21]- [23], and also on tools to assist developers during refactoring tasks [24]- [30]. Besides, various studies focused on the identification of refactoring operations through analysis of version control systems [7]- [11], [25].…”
Section: Related Work (mentioning)
confidence: 99%