Peer Code Review to Prevent Security Vulnerabilities: An Empirical Evaluation

Abstract

Peer code review, as an effective quality improvement practice, has also been considered important for reducing security vulnerabilities. There is a lack of empirical evidence to quantify and support this claim. Therefore, we propose a research plan to analyze mature open source projects to gather empirical evidence regarding the relationship between peer code review and security vulnerabilities. As a proof-of-concept, we analyzed the Chromium OS project and found that reviewers identified potential vulnerabilities in 32 review requests.