Discovering Authorship of Flawed Code Snippets

Student: Damon Otero

Major: Computer Science

Mentor: Dr. Kris Ghosh

Department: Computer Science

Static code analysis (SCA) tools provide useful information about a codebase on a variety of levels, ranging from security threats to software bugs. Yet industry-wide, SCA tools do not examine the authorship of these coding flaws with the same scrutiny as other metrics. Since authors (i.e., programmers) create these coding flaws and are largely ignored during analysis, SCA tools ultimately treat the symptoms (the code flaws) rather than the causes (the authors). By capitalizing on this oversight, we show that integrating the authorship of coding flaws into the analysis chain can uncover trends in the generation of a program's flaws and be used to develop social networks of 'programmer profiles' for tracking flaws and preventing them at the source. We analyze the open source software repositories for phpMyAdmin, Drupal, and Moodle and describe the results of our approaches.
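One way to join SCA findings with authorship, as an added example that is not the authors' tool or code from this project: it assumes findings arrive as (file, line, category) tuples and that line ownership comes from `git blame --line-porcelain` output. The author-to-author link used here (two authors with flagged lines in the same file) is an assumed definition, and all sample data is constructed.

```python
import re
from collections import Counter, defaultdict
from itertools import combinations

HEADER = re.compile(r"^[0-9a-f]{40} \d+ (\d+)")  # <sha> <orig line> <final line>

def parse_blame(text):
    """Map final line number -> author from `git blame --line-porcelain` output."""
    owners, line_no, author = {}, None, None
    for row in text.splitlines():
        m = HEADER.match(row)
        if m:
            line_no = int(m.group(1))
        elif row.startswith("author "):
            author = row[len("author "):]
        elif row.startswith("\t") and line_no is not None:
            owners[line_no] = author      # tab-prefixed content line closes the record
    return owners

def attribute(findings, blame_by_file):
    """Join SCA findings (file, line, category) with blame ownership."""
    profiles = defaultdict(Counter)       # author -> flaw categories ("programmer profile")
    per_file = defaultdict(set)           # file -> authors with flagged lines there
    for path, line, category in findings:
        author = blame_by_file.get(path, {}).get(line, "<unknown>")
        profiles[author][category] += 1
        per_file[path].add(author)
    edges = Counter()                     # assumed link: flagged lines in the same file
    for authors in per_file.values():
        for pair in combinations(sorted(authors), 2):
            edges[pair] += 1
    return profiles, edges

def _porcelain(authors):
    """Build constructed porcelain text in which line i is owned by authors[i-1]."""
    return "".join(
        f"{i:040x} {i} {i} 1\nauthor {a}\nauthor-mail <{a}@example.test>\n\tcode line {i}\n"
        for i, a in enumerate(authors, 1))

# Constructed sample data, not taken from any of the repositories named above.
BLAME = {"login.php": parse_blame(_porcelain(["alice", "bob", "alice"])),
         "upload.php": parse_blame(_porcelain(["bob", "bob", "carol"]))}
FINDINGS = [("login.php", 1, "sql-injection"), ("login.php", 2, "xss"),
            ("login.php", 3, "sql-injection"), ("upload.php", 3, "path-traversal"),
            ("upload.php", 2, "xss")]

if __name__ == "__main__":
    profiles, edges = attribute(FINDINGS, BLAME)
    print({a: dict(c) for a, c in profiles.items()}, dict(edges))
```

Findings on lines that blame cannot resolve are grouped under `<unknown>` rather than dropped, so gaps in the attribution stay visible in the totals.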