Venue: IEEE Symposium on Visualization for Cyber Security

Cesar: Visual representation of source code vulnerabilities


Abstract

Code analysis tools are not widely accepted by developers, and software vulnerabilities are detected by the thousands every year. We take a user-centered approach to that problem, starting with analyzing one of the popular open source static code analyzers, and uncover serious usability issues facing developers. We then design Cesar, a system offering developers a visual analysis environment to support their quest to rid their code of vulnerabilities. We present a prototype implementation of Cesar, and perform a usability analysis of the prototype and the visualizations it employs. Our analysis shows that the prototype is promising in promoting collaboration, exploration, and enabling developers to focus on the overall quality of their code as well as inspect individual vulnerabilities. We finally provide general recommendations to guide future designs of code review tools to enhance their usability.