A Study of The Effectiveness of Code Review in Detecting Security Vulnerabilities

1e416013186c20a17cb4d84 20230720031158121 beie:beie director@blueeyesintelligence.org WEB-FORM International Journal of Recent Technology and Engineering (IJRTE) IJRTE 22773878 10.35940/ijrte.2277-3878 https://www.ijrte.org/ 07 30 2023 12 2 A Study of The Effectiveness of Code Review in Detecting Security Vulnerabilities Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka. G.H.N Anuththara https://orcid.org/0009-0009-1634-694X S.S.U Senadheera https://orcid.org/0009-0003-6061-2906 Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka. S.M.T.V Samarasekara https://orcid.org/0009-0008-6784-0158 Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka. K.M.G.T Herath https://orcid.org/0009-0000-1224-959X Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka. M. V. N. Godapitiya https://orcid.org/0009-0000-2529-3311 Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka. Dr. D. I. De Silva https://orcid.org/0000-0001-6821-488X Faculty of Computing, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka. Software flaws pose a severe danger to the security and privacy of computer systems and the people who use them [1]. For software systems to be reliable and available, vulnerabilities must be found and fixed before they may be used against the system [2]. Two popular methods for finding weaknesses in software systems are code review and penetration testing [3]. Which method is better for identifying vulnerabilities, nevertheless, is not widely agreed upon [4]. The usefulness of code reviews and penetration tests in locating vulnerabilities is reviewed in detail in this study. We evaluate much empirical research [5] and contrast the benefits and drawbacks of each method. According to our research, both code reviews and penetration tests are useful for uncovering vulnerabilities [6], despite the fact that their effectiveness varies based on the kind of vulnerability, the complexity of the code, and the testers' or reviewers' experience [7][8]. Additionally, we discovered that doing both penetration testing and code review together may be more efficient than using each approach alone [9]. These results may help software engineers, security experts, and researchers choose and use the right approach for locating weaknesses in software systems. 07 30 2023 11 19 CC BY-NC-ND 4.0 10.35940/BEIESP.CrossMarkPolicy www.ijrte.org true International Journal of Recent Technology and Engineering (IJRTE) No, We did not receive. No conflicts of interest to the best of our knowledge. No, the article does not require ethical approval and consent to participate with evidence. Not relevant All authors having equal contribution for this article. 10.35940/ijrte.B7671.0712223 https://www.ijrte.org/portfolio-item/B76710712223/