Authors (as listed in the record): Duma, R. A.; Niu, Z.; Nyamawe, A. S.; Tchaye-Kondi, J.; Jingili, N.; Yusuf, A. A.; Deve, A. F.
Date: 2024-08-31 (accessioned), 2024-08-31 (available), 2024 (issued)
Citation: Edward, E., Nyamawe, A. S., & Elisa, N. (2024). On the impact of refactorings on software attack surface. IEEE Access.
URL: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10536085
Handle: https://repository.udom.ac.tz/handle/20.500.12661/4923
Full text available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10536085

Abstract

Refactoring is one of the techniques most commonly employed by software developers to improve the quality attributes of their systems. However, little has been done to investigate how refactoring operations specifically aimed at improving the internal structure of software can affect its security. Refactoring usually entails different code change operations, including the decomposition of classes and methods and the reallocation of code elements. While this refinement aims to improve the internal design of a system, it might inadvertently disperse security-critical code elements throughout the codebase. Consequently, such dispersion could contribute to an increase in the software attack surface. To this end, this paper presents an empirical study conducted on 30 open-source software systems developed in Python, C, and Java. The study scrutinized two subsequent versions of each subject application to uncover the refactoring operations applied and the trend of security vulnerabilities. Specifically, the study focused on the injection or removal of bugs, code smells, and other vulnerabilities, aiming to discern the impact of refactorings on the software attack surface. Data were collected using well-known tools, namely SonarQube, RefDiff, and PyReff. The findings suggest that refactorings can have multiple effects (i.e., positive, negative, or neutral) on bugs, code smells, and vulnerabilities. The findings further confirm that developers must be aware of the combination or sequence of refactoring operations that can improve software quality without compromising its security.

Language: en
Keywords: Attack Surface; Bugs; Code Smells; Refactoring; Vulnerabilities
Title (as listed in the record): Fake review detection techniques, issues, and future research directions: a literature review
Type: Article
DOI (as listed in the record): 10.1007/s10115-024-02118-2