Abstract: Software is widely used in almost every domain. When software applications contain defects or errors, these errors or software bugs can trigger security problems, cause financial loss, or even jeopardize human health. However, maintaining software to remove all those errors is usually challenging. This is because to resolve a software issue, developers usually spend lots of time and effort in order to comprehend programs, so that they can apply program changes consistently, completely, and correctly. When developers have insufficient domain knowledge or misunderstand the program logic, they may fail to fix the bug or their bug fixes can actually introduce new bugs.

 

In this talk, I will present our recent research that intends to bridge the gap between program complexity and developers’ programming capabilities. There are two parts in my talk. For the first part, I will introduce our empirical studies on developers’ secure coding practices. By crawling and analyzing developers’ technical discussions on the StackOverflow website, we identified various programming challenges that developers are faced when they build security functionalities. We also showed security vulnerabilities due to developers’ API misuses. Furthermore, we examined the reliability of security suggestions on StackOverflow, and revealed a worrisome reality in the software development industry. For the second part, I will present our recent tool that recommends code refactorings for developers. All our empirical studies and techniques have the potential to help developers (1) better understand program complexity and the complexity of software maintenance, and (2) improve program maintenance as well as software quality.

Short Bio: Na Meng has been an assistant professor in the Computer Science Department at Virginia Tech since 2015. Before that, she received her PhD in Computer Science at The University of Texas at Austin. Her research interests include Software Engineering and Programming Languages. Specifically, she has conducted various empirical studies on software bugs and fixes, and investigated new approaches that help developers (1) comprehend programs and changes, (2) detect and fix bugs, (3) automate program transformations, and (4) search for similar software. Nowadays, Dr. Meng also investigates to automatically patch software vulnerabilities. Dr. Meng received the NSF CAREER Award in 2019.