Files
logseq/assets/msr2024-technical-paper100-SATD_1702046660022_0.edn
T
2025-06-05 22:07:12 +02:00

906 lines
49 KiB
Clojure
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{:highlights [{:id #uuid "657b0337-6189-4b88-828a-a4e41e886c07",
:page 1,
:position {:bounding {:x1 114.22917175292969,
:y1 517.03125,
:x2 627.5102996826172,
:y2 561.6771240234375,
:width 1305.6,
:height 1689.6},
:rects ({:x1 114.22917175292969,
:y1 517.03125,
:x2 627.5102996826172,
:y2 538.3646240234375,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 540.34375,
:x2 470.45664978027344,
:y2 561.6771240234375,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "This work investigates the security implications of SATD from a technical and developer-centred perspective."},
:properties {:color "green"}}
{:id #uuid "657b034a-6da8-4c4e-9589-da4b20a0d5bc",
:page 1,
:position {:bounding {:x1 114.10417175292969,
:y1 540.34375,
:x2 630.6959075927734,
:y2 631.96875,
:width 1305.6,
:height 1689.6},
:rects ({:x1 618.5191040039062,
:y1 540.34375,
:x2 627.461669921875,
:y2 561.6771240234375,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 563.8333740234375,
:x2 627.4716033935547,
:y2 585.1666870117188,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 587.1458740234375,
:x2 630.6959075927734,
:y2 608.4791870117188,
:width 1305.6,
:height 1689.6}
{:x1 114.10417175292969,
:y1 610.6354370117188,
:x2 402.02879333496094,
:y2 631.96875,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "it analyses whether security pointers disclosed inside SATD sources can be used to characterise vulnerabilities in Open-Source Software (OSS) projects and repositories"},
:properties {:color "purple"}}
{:id #uuid "657b035f-880e-400d-b6bc-52cfc54836df",
:page 1,
:position {:bounding {:x1 114.76042175292969,
:y1 610.6354370117188,
:x2 627.5328369140625,
:y2 678.59375,
:width 1305.6,
:height 1689.6},
:rects ({:x1 563.0949096679688,
:y1 610.6354370117188,
:x2 627.5328369140625,
:y2 631.96875,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 633.9479370117188,
:x2 626.8239593505859,
:y2 655.28125,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 657.2604370117188,
:x2 625.4587249755859,
:y2 678.59375,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "it delves into developers perspectives regarding the motivations behind this practice, its prevalence, and its potential negative consequences"},
:properties {:color "purple"}}
{:id #uuid "657b037c-e116-4902-af66-9151ee9ac98e",
:page 1,
:position {:bounding {:x1 114.76042175292969,
:y1 704.0625,
:x2 627.5103607177734,
:y2 748.71875,
:width 1305.6,
:height 1689.6},
:rects ({:x1 165.97483825683594,
:y1 704.0625,
:x2 627.5103607177734,
:y2 725.3958740234375,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 727.3854370117188,
:x2 188.72341918945312,
:y2 748.71875,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "analysis of a preexisting dataset containing 94,455 SATD instances"},
:properties {:color "green"}}
{:id #uuid "657b0383-b5ac-4672-a89d-3fa8c3dcdf15",
:page 1,
:position {:bounding {:x1 271.4266357421875,
:y1 727.3854370117188,
:x2 591.58349609375,
:y2 748.71875,
:width 1305.6,
:height 1689.6},
:rects ({:x1 271.4266357421875,
:y1 727.3854370117188,
:x2 591.58349609375,
:y2 748.71875,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text " online survey with 222 OSS practitioners"},
:properties {:color "green"}}
{:id #uuid "657b03d6-fc1a-4889-9316-a0048d186dcf",
:page 1,
:position {:bounding {:x1 114.22917175292969,
:y1 750.8646240234375,
:x2 627.5078125,
:y2 819,
:width 1305.6,
:height 1689.6},
:rects ({:x1 164.0858154296875,
:y1 750.8646240234375,
:x2 627.5078125,
:y2 772.1979370117188,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 774.1875,
:x2 627.4780120849609,
:y2 795.5208740234375,
:width 1305.6,
:height 1689.6}
{:x1 114.22917175292969,
:y1 797.6666870117188,
:x2 254.36236572265625,
:y2 819,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "We gathered 201 SATD instances through the dataset analysis and mapped them to different Common Weakness Enumeration(CWE) identifiers. "},
:properties {:color "blue"}}
{:id #uuid "657b03f5-da8f-43b9-b6f9-f9dd4ac56d3a",
:page 1,
:position {:bounding {:x1 114.76042175292969,
:y1 797.6666870117188,
:x2 630.3765106201172,
:y2 889.125,
:width 1305.6,
:height 1689.6},
:rects ({:x1 318.6688537597656,
:y1 797.6666870117188,
:x2 627.5242919921875,
:y2 819,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 820.9896240234375,
:x2 627.4748382568359,
:y2 842.3229370117188,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 844.3021240234375,
:x2 630.3765106201172,
:y2 865.6354370117188,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 867.7916870117188,
:x2 214.3110809326172,
:y2 889.125,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "25 different types of CWEs were spotted across commit messages, pull requests, code comments, and issue sections, from which 8 appear among MITREs Top-25 most dangerous ones"},
:properties {:color "blue"}}
{:id #uuid "657b0418-e290-4295-b8ea-881eb58074ad",
:page 1,
:position {:bounding {:x1 114.76042175292969,
:y1 867.7916870117188,
:x2 629.5842132568359,
:y2 959.2396240234375,
:width 1305.6,
:height 1689.6},
:rects ({:x1 224.0298309326172,
:y1 867.7916870117188,
:x2 627.1461029052734,
:y2 889.125,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 891.1041870117188,
:x2 627.9604339599609,
:y2 912.4375,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 914.4166870117188,
:x2 629.5842132568359,
:y2 935.75,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 937.90625,
:x2 282.4364013671875,
:y2 959.2396240234375,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text "The survey shows that software practitioners often place security pointers across SATD artefacts to promote a security culture among their peers and help them spot flaky code sections, among other motives."},
:properties {:color "yellow"}}
{:id #uuid "657b046c-1931-43c5-a9bc-86d76e4e5c78",
:page 1,
:position {:bounding {:x1 114.76042175292969,
:y1 961.21875,
:x2 627.9556732177734,
:y2 1052.6771240234375,
:width 1305.6,
:height 1689.6},
:rects ({:x1 592.866943359375,
:y1 961.21875,
:x2 627.62060546875,
:y2 982.5521240234375,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 984.5416870117188,
:x2 627.9556732177734,
:y2 1005.875,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 1008.0208740234375,
:x2 627.4692230224609,
:y2 1029.354248046875,
:width 1305.6,
:height 1689.6}
{:x1 114.76042175292969,
:y1 1031.34375,
:x2 589.8331146240234,
:y2 1052.6771240234375,
:width 1305.6,
:height 1689.6}),
:page 1},
:content {:text " Our findings suggest that preserving the contextual integrity of security pointers disseminated across SATD artefacts is critical to safeguard both commercial and OSS solutions against zero-day attacks."},
:properties {:color "yellow"}}
{:id #uuid "657dc10b-c38b-4a52-b157-494912c8d7c5",
:page 1,
:position {:bounding {:x1 550.546875,
:y1 410.96875,
:x2 967.6505126953125,
:y2 447.5546875,
:width 1060.8,
:height 1372.8},
:rects ({:x1 753.9152221679688,
:y1 410.96875,
:x2 967.6505126953125,
:y2 428.46875,
:width 1060.8,
:height 1372.8}
{:x1 550.546875,
:y1 430.0546875,
:x2 848.4317626953125,
:y2 447.5546875,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text "circumvent with spurious design workarounds and sub-optimal implementations"},
:properties {:color "green"}}
{:id #uuid "657dc119-1283-4d18-a8eb-7ef4e1eaaa4b",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 468.078125,
:x2 970.3164672851562,
:y2 504.5234375,
:width 1060.8,
:height 1372.8},
:rects ({:x1 634.2393188476562,
:y1 468.078125,
:x2 970.3164672851562,
:y2 485.578125,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 487.0234375,
:x2 903.294189453125,
:y2 504.5234375,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text " low-quality artefacts that can impair the future maintenance and evolution of the system being developed"},
:properties {:color "green"}}
{:id #uuid "657dc13b-c9f7-4126-b876-5ad92d0bbc4f",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 544,
:x2 970.0072631835938,
:y2 580.4375,
:width 1060.8,
:height 1372.8},
:rects ({:x1 739.9590454101562,
:y1 544,
:x2 970.0072631835938,
:y2 561.5,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 562.9375,
:x2 782.6049194335938,
:y2 580.4375,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text " TD can incur extra work in the longterm, not to mention additional costs."},
:properties {:color "green"}}
{:id #uuid "657dc145-ed1e-4fea-b3d7-f08c4c30fe94",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 562.9375,
:x2 967.6495361328125,
:y2 618.46875,
:width 1060.8,
:height 1372.8},
:rects ({:x1 831.4208984375,
:y1 562.9375,
:x2 967.6441040039062,
:y2 580.4375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 582.0234375,
:x2 967.6495361328125,
:y2 599.5234375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 600.96875,
:x2 844.7333984375,
:y2 618.46875,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text " it is deemed a critical issue for software development and considered ubiquitous to most software projects across all industry segments"},
:properties {:color "purple"}}
{:id #uuid "657dc170-7bea-4bff-bae2-a4de42595c02",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 705.4375,
:x2 967.64892578125,
:y2 760.9609375,
:width 1060.8,
:height 1372.8},
:rects ({:x1 800.6972045898438,
:y1 705.4375,
:x2 967.39697265625,
:y2 722.9375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 724.515625,
:x2 967.64892578125,
:y2 742.015625,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 743.4609375,
:x2 847.0096435546875,
:y2 760.9609375,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text "security incurs extra costs as it is frequently seen as an “after-thought” instead of an actual priority in the software development life cycle"},
:properties {:color "green"}}
{:id #uuid "657dc187-f390-45fe-986f-312a1ccc2ab6",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 762.40625,
:x2 967.3717041015625,
:y2 798.9921875,
:width 1060.8,
:height 1372.8},
:rects ({:x1 805.4207763671875,
:y1 762.40625,
:x2 967.3717041015625,
:y2 779.90625,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 781.4921875,
:x2 631.2735595703125,
:y2 798.9921875,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text " intersection between TD and security"},
:properties {:color "blue"}}
{:id #uuid "657dc1ad-caf0-4cff-8619-2ae58d6fbd8a",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 895.4296875,
:x2 969.2659912109375,
:y2 950.9609375,
:width 1060.8,
:height 1372.8},
:rects ({:x1 580.91455078125,
:y1 895.4296875,
:x2 969.2659912109375,
:y2 912.9296875,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 914.375,
:x2 967.6387329101562,
:y2 931.875,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 933.4609375,
:x2 751.0281982421875,
:y2 950.9609375,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text "significant part of TD is explicitly reported by developers themselves in the form of “self-admissions”, namely through software artefacts such as code comments"},
:properties {:color "blue"}}
{:id #uuid "657dc1e2-9695-46ff-b97d-1149ee389da5",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 1047.3984375,
:x2 970.2335205078125,
:y2 1140.8203125,
:width 1060.8,
:height 1372.8},
:rects ({:x1 890.374267578125,
:y1 1047.3984375,
:x2 969.359375,
:y2 1064.8984375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 1066.34375,
:x2 970.207275390625,
:y2 1083.84375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 1085.4296875,
:x2 967.5057373046875,
:y2 1102.9296875,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 1105.609375,
:x2 970.2335205078125,
:y2 1123.109375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 1123.3203125,
:x2 876.2894897460938,
:y2 1140.8203125,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text "Particularly, an attacker could take advantage of security pointers disclosed inside these sources (e.g., a code comment like “TODO: Make it thread-safe”) to spot exploitable weaknesses in the system threatening its availability, confidentiality and integrity. "},
:properties {:color "purple"}}
{:id #uuid "657dc427-af89-4c6b-bce5-4cb9d1a4c390",
:page 1,
:position {:bounding {:x1 551.078125,
:y1 1142.3984375,
:x2 967.6470947265625,
:y2 1197.7890625,
:width 1060.8,
:height 1372.8},
:rects ({:x1 721.1380615234375,
:y1 1142.3984375,
:x2 967.6424560546875,
:y2 1159.8984375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 1161.34375,
:x2 967.6470947265625,
:y2 1178.84375,
:width 1060.8,
:height 1372.8}
{:x1 551.078125,
:y1 1180.2890625,
:x2 682.3818359375,
:y2 1197.7890625,
:width 1060.8,
:height 1372.8}),
:page 1},
:content {:text " the security implications of SATD have not been investigated nor documented throughout the literature up to our knowledge"},
:properties {:color "blue"}}
{:id #uuid "657dc6fb-e377-4918-99cb-750ab2872eaa",
:page 2,
:position {:bounding {:x1 107.5859375,
:y1 193.0078125,
:x2 588.353759765625,
:y2 235.03125,
:width 1224,
:height 1584},
:rects ({:x1 130.5911865234375,
:y1 193.0078125,
:x2 588.353759765625,
:y2 213.0078125,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 215.03125,
:x2 227.69491577148438,
:y2 235.03125,
:width 1224,
:height 1584}),
:page 2},
:content {:text " implications of security pointers inside SATD instances across multiple sources"},
:properties {:color "purple"}}
{:id #uuid "657dc710-9843-4cbd-ac68-61370542bd06",
:page 2,
:position {:bounding {:x1 106.9765625,
:y1 215.03125,
:x2 591.3734130859375,
:y2 300.765625,
:width 1224,
:height 1584},
:rects ({:x1 432.4708557128906,
:y1 215.03125,
:x2 591.3734130859375,
:y2 235.03125,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 236.890625,
:x2 590.332275390625,
:y2 256.890625,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 258.75,
:x2 588.356689453125,
:y2 278.75,
:width 1224,
:height 1584}
{:x1 106.9765625,
:y1 280.765625,
:x2 459.8996887207031,
:y2 300.765625,
:width 1224,
:height 1584}),
:page 2},
:content {:text "whether explicit references to security vulnerabilities inside code comments, commits, issue reports, and pull requests can help characterise exploitable weaknesses inside Open-Source Software (OSS"},
:properties {:color "blue"}}
{:id #uuid "657dc74f-1a59-490f-89d9-dd3bd5143987",
:page 2,
:position {:bounding {:x1 107.5859375,
:y1 302.625,
:x2 588.35498046875,
:y2 366.5,
:width 1224,
:height 1584},
:rects ({:x1 167.35498046875,
:y1 302.625,
:x2 588.35498046875,
:y2 322.625,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 324.484375,
:x2 588.34912109375,
:y2 344.484375,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 346.5,
:x2 260.7581787109375,
:y2 366.5,
:width 1224,
:height 1584}),
:page 2},
:content {:text " OSS projects and repositories as they become easy targets of security attacks by making their artefacts visible and available to the public in general "},
:properties {:color "green"}}
{:id #uuid "657dc794-12d3-4c51-91b8-77e5a5ef87d4",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 416.0390625,
:x2 590.2296142578125,
:y2 457.8984375,
:width 1224,
:height 1584},
:rects ({:x1 126.4375,
:y1 416.0390625,
:x2 590.2296142578125,
:y2 436.0390625,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 437.8984375,
:x2 510.3699951171875,
:y2 457.8984375,
:width 1224,
:height 1584}),
:page 2},
:content {:text "RQ1: Can SATD sources contain pointers to security weaknesses and vulnerabilities inside OSS repositories?"},
:properties {:color "blue"}}
{:id #uuid "657dc7a1-e7f0-4bcc-af73-58094e6608af",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 503.7890625,
:x2 591.34326171875,
:y2 567.5078125,
:width 1224,
:height 1584},
:rects ({:x1 436.77423095703125,
:y1 503.7890625,
:x2 588.3168334960938,
:y2 523.7890625,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 525.6484375,
:x2 591.34326171875,
:y2 545.6484375,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 547.5078125,
:x2 148.34214782714844,
:y2 567.5078125,
:width 1224,
:height 1584}),
:page 2},
:content {:text "546 security-relevant SATD candidates and inspected them manually for security pointers"},
:properties {:color "green"}}
{:id #uuid "657dc7ac-5da8-4f6f-b13d-53927c27ef57",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 547.5078125,
:x2 591.34326171875,
:y2 611.390625,
:width 1224,
:height 1584},
:rects ({:x1 326.2711181640625,
:y1 547.5078125,
:x2 587.1630859375,
:y2 567.5078125,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 569.53125,
:x2 591.34326171875,
:y2 589.53125,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 591.390625,
:x2 145.0221710205078,
:y2 611.390625,
:width 1224,
:height 1584}),
:page 2},
:content {:text " 201 Security Self-Admitted Technical Debt (SSATD) observations that we considered for further analysis"},
:properties {:color "yellow"}}
{:id #uuid "657dc7d0-92a6-4e6b-af25-a2a30bff0079",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 613.25,
:x2 588.3197021484375,
:y2 655.265625,
:width 1224,
:height 1584},
:rects ({:x1 126.4375,
:y1 613.25,
:x2 588.3197021484375,
:y2 633.25,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 635.265625,
:x2 527.8638305664062,
:y2 655.265625,
:width 1224,
:height 1584}),
:page 2},
:content {:text "RQ2: Which particular weakness and vulnerabilities are frequently exposed through different SATD sources?"},
:properties {:color "blue"}}
{:id #uuid "657dc806-5f06-4633-a890-e5639a826fa5",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 701,
:x2 591.3416137695312,
:y2 786.734375,
:width 1224,
:height 1584},
:rects ({:x1 292.75909423828125,
:y1 701,
:x2 588.3223876953125,
:y2 721,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 722.859375,
:x2 591.3416137695312,
:y2 742.859375,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 744.875,
:x2 588.01806640625,
:y2 764.875,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 766.734375,
:x2 461.6142272949219,
:y2 786.734375,
:width 1224,
:height 1584}),
:page 2},
:content {:text "25 different CWE types across commit messages, code comments, pull requests, and issue reports. Moreover, 8 of these 25 CWEs appear listed among MITREs Top-25 most dangerous software weaknesses in 2023."},
:properties {:color "green"}}
{:id #uuid "657dc80c-3168-4d1e-a104-2ae61b0ce9b4",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 788.59375,
:x2 587.6395263671875,
:y2 830.609375,
:width 1224,
:height 1584},
:rects ({:x1 126.4375,
:y1 788.59375,
:x2 587.6395263671875,
:y2 808.59375,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 810.609375,
:x2 333.0499267578125,
:y2 830.609375,
:width 1224,
:height 1584}),
:page 2},
:content {:text "RQ3: What is developers perspective on security-related SATD in OSS repositories?"},
:properties {:color "blue"}}
{:id #uuid "657dc827-0c7e-4b4b-8852-afdd509477af",
:page 2,
:position {:bounding {:x1 126.4375,
:y1 920.2265625,
:x2 591.3485107421875,
:y2 962.0859375,
:width 1224,
:height 1584},
:rects ({:x1 288.17401123046875,
:y1 920.2265625,
:x2 591.3485107421875,
:y2 940.2265625,
:width 1224,
:height 1584}
{:x1 126.4375,
:y1 942.0859375,
:x2 506.4214782714844,
:y2 962.0859375,
:width 1224,
:height 1584}),
:page 2},
:content {:text "many practitioners engage with this practice, although they recognise it as potentially risky. "},
:properties {:color "green"}}
{:id #uuid "657dc8b7-d222-40d5-8d66-705aaaccff4b",
:page 2,
:position {:bounding {:x1 107.5859375,
:y1 1278.6875,
:x2 591.2879638671875,
:y2 1342.5625,
:width 1224,
:height 1584},
:rects ({:x1 504.496826171875,
:y1 1278.6875,
:x2 591.2879638671875,
:y2 1298.6875,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 1300.546875,
:x2 588.3570556640625,
:y2 1320.546875,
:width 1224,
:height 1584}
{:x1 107.5859375,
:y1 1322.5625,
:x2 299.4558410644531,
:y2 1342.5625,
:width 1224,
:height 1584}),
:page 2},
:content {:text " a few publications in the current literature explore the interface between software security and TD"},
:properties {:color "green"}}
{:id #uuid "657dc8ed-8198-455d-b95c-6e3f183b7401",
:page 2,
:position {:bounding {:x1 635.8671875,
:y1 215.03125,
:x2 1119.671142578125,
:y2 300.765625,
:width 1224,
:height 1584},
:rects ({:x1 892.2384033203125,
:y1 215.03125,
:x2 1116.63623046875,
:y2 235.03125,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 236.890625,
:x2 1119.671142578125,
:y2 256.890625,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 258.75,
:x2 1118.60107421875,
:y2 278.75,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 280.765625,
:x2 718.1690063476562,
:y2 300.765625,
:width 1224,
:height 1584}),
:page 2},
:content {:text " they suggest that tools/methods such as code reviews and threat modelling are suitable to spot internal quality issues in software requirements, coding, architecture, and testing"},
:properties {:color "green"}}
{:id #uuid "657dca95-443e-4a10-8e43-8bca892cb0ba",
:page 2,
:position {:bounding {:x1 635.8671875,
:y1 609.4453125,
:x2 1118.9429931640625,
:y2 673.3203125,
:width 1224,
:height 1584},
:rects ({:x1 900.6593627929688,
:y1 609.4453125,
:x2 1118.9429931640625,
:y2 629.4453125,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 631.4609375,
:x2 1117.703369140625,
:y2 651.4609375,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 653.3203125,
:x2 887.8391723632812,
:y2 673.3203125,
:width 1224,
:height 1584}),
:page 2},
:content {:text "They conclude that TD pointers can help improve the performance of Machine Learning (ML) models for vulnerability prediction."},
:properties {:color "green"}}
{:id #uuid "657dcabf-d2aa-4545-b8ea-0ce2982bda30",
:page 2,
:position {:bounding {:x1 635.8671875,
:y1 1058.828125,
:x2 1119.6539306640625,
:y2 1122.703125,
:width 1224,
:height 1584},
:rects ({:x1 843.0870361328125,
:y1 1058.828125,
:x2 1116.635986328125,
:y2 1078.828125,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 1080.6875,
:x2 1119.6539306640625,
:y2 1100.6875,
:width 1224,
:height 1584}
{:x1 635.8671875,
:y1 1102.703125,
:x2 738.2830200195312,
:y2 1122.703125,
:width 1224,
:height 1584}),
:page 2},
:content {:text "more than 55% of self-admissions in the form of code comments correspond to insecure implementations/snippets"},
:properties {:color "blue"}}],
:extra {:page 7}}