Abstract
Code review is a critical step in the software development life cycle, which assesses and boosts the code's effectiveness and correctness, pinpoints security issues, and raises its quality by adhering to best practices. Due to the increased need for personal data protection motivated by legislation, code reviewers need to understand where personal data is located in software systems and how it is handled. Although most recent work on code review focuses on security vulnerabilities, privacy-related techniques are not easy for code reviewers to implement, making their inclusion in the code review process challenging. In this paper, we present ongoing work on a new approach to identifying personal data processing, enabling developers and code reviewers in drafting privacy analyses and complying with regulations such as the General Data Protection Regulation (GDPR).
Author supplied keywords
Cite
CITATION STYLE
Tang, F., Østvold, B. M., & Bruntink, M. (2023). Identifying Personal Data Processing for Code Review. In International Conference on Information Systems Security and Privacy (pp. 568–575). Science and Technology Publications, Lda. https://doi.org/10.5220/0011725700003405
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
