Jove
Visualize
Contact Us
JoVE
x logofacebook logolinkedin logoyoutube logo
ABOUT JoVE
OverviewLeadershipBlogJoVE Help Center
AUTHORS
Publishing ProcessEditorial BoardScope & PoliciesPeer ReviewFAQSubmit
LIBRARIANS
TestimonialsSubscriptionsAccessResourcesLibrary Advisory BoardFAQ
RESEARCH
JoVE JournalMethods CollectionsJoVE Encyclopedia of ExperimentsArchive
EDUCATION
JoVE CoreJoVE BusinessJoVE Science EducationJoVE Lab ManualFaculty Resource CenterFaculty Site
Terms & Conditions of Use
Privacy Policy
Policies

Related Concept Videos

Long-patch Base Excision Repair01:02

Long-patch Base Excision Repair

6.9K
Since the discovery of the two BER pathways, there has been a debate about how a cell chooses one pathway over the other and the factors determining this selection. Numerous in vitro experiments have pointed out multiple determinants for the sub-pathway selection. These are:
6.9K

You might also read

Related Articles

Articles linked to this work by shared authors, journal, and citation graph.

Sort by
Same authorSame journal

Is common sense all you need? Using expert defined rules to identify vulnerability patches instead of machine learning.

Empirical software engineering·2026
Same author

Algorithm Perception When Using Threat Intelligence in Vulnerability Risk Assessment.

Risk analysis : an official publication of the Society for Risk Analysis·2026
Same author

Risks of ignoring uncertainty propagation in AI-augmented security pipelines.

Risk analysis : an official publication of the Society for Risk Analysis·2025
Same author

The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures.

Risk analysis : an official publication of the Society for Risk Analysis·2021
Same author

Who Should Pay for Interdependent Risk? Policy Implications for Security Interdependence Among Airports.

Risk analysis : an official publication of the Society for Risk Analysis·2020

Related Experiment Video

Updated: May 23, 2025

Detection of Rare Genomic Variants from Pooled Sequencing Using SPLINTER
14:06

Detection of Rare Genomic Variants from Pooled Sequencing Using SPLINTER

Published on: June 23, 2012

15.1K

On the effects of program slicing for vulnerability detection during code inspection.

Aurora Papotti1, Katja Tuma1, Fabio Massacci1,2

  • 1Foundational Security, Afdeling Informatica, Vrije Universiteit, Amsterdam, NL the Netherlands.

Empirical Software Engineering
|April 8, 2025
PubMed
Summary

Fault localization slicing aids developers in finding security vulnerabilities. Method-level slicing helps identify vulnerable code areas, improving detection rates, especially when considering a small context window.

Keywords:
code reviewcontrolled experimentprogram comprehensionprogram slicingvulnerability

More Related Videos

Using RNA-sequencing to Detect Novel Splice Variants Related to Drug Resistance in In Vitro Cancer Models
09:58

Using RNA-sequencing to Detect Novel Splice Variants Related to Drug Resistance in In Vitro Cancer Models

Published on: December 9, 2016

13.6K
Setup and Execution Of the Blindfolded Code Training Exercise
05:25

Setup and Execution Of the Blindfolded Code Training Exercise

Published on: March 29, 2019

9.3K

Related Experiment Videos

Last Updated: May 23, 2025

Detection of Rare Genomic Variants from Pooled Sequencing Using SPLINTER
14:06

Detection of Rare Genomic Variants from Pooled Sequencing Using SPLINTER

Published on: June 23, 2012

15.1K
Using RNA-sequencing to Detect Novel Splice Variants Related to Drug Resistance in In Vitro Cancer Models
09:58

Using RNA-sequencing to Detect Novel Splice Variants Related to Drug Resistance in In Vitro Cancer Models

Published on: December 9, 2016

13.6K
Setup and Execution Of the Blindfolded Code Training Exercise
05:25

Setup and Execution Of the Blindfolded Code Training Exercise

Published on: March 29, 2019

9.3K

Area of Science:

  • Software Engineering
  • Cybersecurity
  • Empirical Software Engineering

Background:

  • Fault localization techniques like slicing are crucial for debugging and program comprehension.
  • The empirical effectiveness of slicing in human code inspection for vulnerability detection remains under-explored.
  • Existing research lacks a clear definition of correctly identified vulnerable lines during code review.

Purpose of the Study:

  • To define criteria for accurately identifying vulnerable lines in code.
  • To investigate if method-level slicing enhances code reviewers' ability to detect security vulnerabilities.
  • To evaluate the impact of slicing on vulnerability detection effectiveness in software.

Main Methods:

  • A novel approach defining correctly identified lines using a δ-neighborhood (context size) was proposed.
  • A multi-year controlled experiment (2017-2023) involved 236 MSc students in security courses.
  • Participants identified vulnerabilities in original or sliced Java files from Apache Tomcat, using intra-procedural thin slicing for reduced code review.

Main Results:

  • Slicing significantly increased the likelihood of participants finding 'something' (any vulnerable lines) versus 'nothing'.
  • For exact line matching (δ=0), slicing showed no statistical advantage over analyzing original files for those who found vulnerabilities.
  • With a broader context (δ=3), slicing improved vulnerability detection compared to analyzing original files.

Conclusions:

  • Method-level slicing is beneficial for improving the detection of security vulnerabilities during code inspection.
  • The effectiveness of slicing is context-dependent, with larger neighborhood sizes (δ=3) yielding better results.
  • Further research with experienced developers is needed to generalize these findings.