Exploring the Influence of Fault Type, Fault Position and Gender on the Testing Process using Code Review Technique

ABSTRACT Cybersecurity risks are increasing in frequency and complexity, but many organizations struggle to plan and implement adequate protections at all stages of the software development life cycle (SDLC). Security is frequently added at the end of development (afterthought), and making effective use of safeguard space is difficult for IT leaders. The purpose of this study is to produce an all‐encompassing framework to adopt and ensure security throughout each phase of the SDLC, from planning through maintenance. The aim is to minimize vulnerabilities and improve the resilience of software by making “security by design” a structure that not only adopts security elegantly as a living document but also is built to be part of the development process. This study adopted a mixed‐methods approach. The initial stage of inquiry involved a systematic literature review (SLR) to identify common cybersecurity issues associated with each SDLC phase. The SLR was followed by an empirical survey of 71 software professionals from a variety of organizations. The survey was designed to gather perceived threats, current practices, and challenges associated with software development for survey participants' organizations. The data collected were analyzed and reviewed statistically, through chi‐square tests and ANOVA, to profile the variance relative to the size of the organization, geographic region, and experience level of the practitioner. The results noted several high‐risk challenges across the SDLC: underfunded security controls, imprecise requirements, insecure architecture, software bugs (i.e., injection vulnerabilities), inadequate testing, misconfigured production environments, and unreliable maintenance. The proposed framework provides cybersecurity mitigation techniques for each stage of the SDLC, such as leveraging security‐oriented design patterns, secure coding policies (i.e., input validation and authentication protocols), robust testing (i.e., penetration testing and code review), and continuous monitoring after deployment. The implementation of these measures leads to a significant risk reduction in the overall organizational security posture. The framework is a formalized end‐to‐end approach to secure software development by embedding security throughout the cycle. Embedding security as a part of the process versus an afterthought at every stage of the cycle creates a risk reduction impact. This integrated approach also provides organizations with the opportunity to foresee and mitigate events earlier in the cycle, along with general compliance mandates (i.e., GDPR, HIPAA, and PCI‐DSS), to provide more resilient, trustworthy software systems.

The method of strengthening of monolithic reinforced concrete slabs with steel beams in the lower zone is considered. From the late 1990s to the present, residential and civil construction in our country has been based on monolithic frame technology, where flat slabs are mainly used. Slabs often need to be strengthening as a result of damage caused by various reasons or when architectural and planning solutions are changed. Strengthening of such slabs with steel beams is used quite often in construction practice, especially in cases where it is not possible to fully unload the slab structure. The technical solutions for this method of strengthening have been developed for a long time and have many variations. However, if we analyse the building codes in the field of reconstruction and strengthening, we can identify a certain lack of calculation methods for the analysis of strengthening structures. A slab in a monolithic frame system is a repeatedly statically indeterminate structure, so its adequate calculation without the use of modern software systems is hardly possible. A review of the current building codes in the field of reconstruction and strengthening is carried out. A number of publications in professional journals devoted to this topic and calculation approaches in the design of strengthening are considered. The structural features of strengthening with unloading beams are analysed. A practical methodology for calculating monolithic slabs strengthening with beams in the lower zone using the LIRA-SAPR software package is proposed. The methodology is based on taking into account the initial deformed state of the floor slab. The calculation is carried out by a step-iterative method, taking into account the physical-nonlinear properties of reinforced concrete and the life cycle of the structure. Particular attention is paid to the method of modelling the contact zone "slab-strengthening beam". The contact zone is modelled by means of one-sided connection, which perceives only compression forces. The presented calculation algorithm has been tested by the author in the design of many facilities that have been implemented and successfully operated for a long time.

Generative AI enables personalized computer science education at scale, yet questions remain about whether such personalization supports or undermines learning. This scoping review synthesizes 32 studies (2023–2025) purposively sampled from 259 records to map personalization mechanisms and effectiveness signals in higher-education CS contexts. We identify five application domains—intelligent tutoring, personalized materials, formative feedback, AI-augmented assessment, and code review—and analyze how design choices shape learning outcomes. Designs incorporating explanation-first guidance, solution withholding, graduated hint ladders, and artifact grounding (student code, tests, and rubrics) consistently show more positive learning processes than unconstrained chat interfaces. Successful implementations share four patterns: context-aware tutoring anchored in student artifacts, multi-level hint structures requiring reflection, composition with traditional CS infrastructure (autograders and rubrics), and human-in-the-loop quality assurance. We propose an exploration-firstadoption framework emphasizing piloting, instrumentation, learning-preserving defaults, and evidence-based scaling. Four recurrent risks—academic integrity, privacy, bias and equity, and over-reliance—are paired with operational mitigation. Critical evidence gaps include longitudinal effects on skill retention, comparative evaluations of guardrail designs, equity impacts at scale, and standardized replication metrics. The evidence supports generative AI as a mechanism for precision scaffolding when embedded in exploration-first, audit-ready workflows that preserve productive struggle while scaling personalized support.

Artificial neural networks with backpropagation algorithms have successfully simulated the hierarchical biological brain structures to realize machine learning and describe biological brain learning in many cognitive tasks. However, backpropagation algorithms do not fully follow the rules of biological brain learning to update weights and transmit information, which affects the biological plausibility of backpropagation in the field of neuroscience. The objective of this review is to investigate predictive coding theory as a biologically plausibility alternative to backpropagation, examining both its theoretical potential and practical application feasibility. The predictive coding proposes that the brain minimizes the error between external inputs and expectations by continuously generating and updating internal predictive models, thereby efficiently understanding and interpreting sensory information. Compared with backpropagation, the two core advantages of predictive coding lie in its capacity for efficient local computation and inherent biological plausibility, making it a promising alternative approach to backpropagation. A series of neuroscience experiments have further validated the role of predictive coding in perception, motor control, and cognitive function, highlighting its significance in the study of brain credit assignment mechanisms.

Abstract Code review is a widespread practice in software engineering during which developers examine each other’s source code changes to identify potential issues and improve code quality. Among the automated techniques proposed by researchers to reduce the manual workload of code review, Automated Code Revision (ACR) aims to automatically address reviewers’ feedback by producing a revised version of the code. Transformer-based language models have demonstrated state-of-the-art results in ACR. The performance of these models, however, is significantly influenced by the quality and preparation of the training and evaluation data. We present several systematic analyses of prevalent preprocessing steps, examined both cumulatively and in isolation, across three established preprocessing pipelines and two dataset splitting strategies (time-level vs. project-level). Our study spans across models of different scales: OpenNMT (small), T5 and CodeReviewer (mid-sized), LoRA-tuned CodeLLaMA-7B (large), and GPT-3.5-Turbo (large, black-box). Using datasets up to 496k training records, we evaluate and statistically compare models’ performance using exact match ratio (EXM), CodeBLEU, and Levenshtein ratio. Our findings show that preprocessing may be a significant component in the success of the different techniques: OpenNMT relies on heavy preprocessing; T5 benefits from light filtering (selective removal of records); CodeReviewer performs best when trained on larger, less aggressively filtered data; CodeLLaMA-7B and ChatGPT-3.5 Turbo are largely indifferent to preprocessing. Overall, the effectiveness of ACR tools depends on aligning preprocessing with model scale and training setup. In general, small models need abstraction, mid-sized ones benefit from light filtering, and large-scale models perform best when trained on the original, unprocessed form of the code.

Peer code review in research software development: The research software engineer perspective

Assessing the Impact and Implications of AI-Driven Code Generation and Review: An Empirical and Legal-Scientific Analysis

Generative AI tools increasingly shape established software engineering practices such as code review, but the socio-technical implications of using AI for these practices remain understudied. In this paper we first introduce vibe coding (Andrej Karpathy [@karpathy], 2025) as a method for allowing researchers with limited coding experience to rapidly create custom made probes for conducting research. Guided by Alami and Ernst’s (2025) findings on AI-generated feedback for code review, we introduce a vibe coded AI/Voice based code review prototype as a provotype (Boer and Donovan, 2012). We then outline an explorative study to critically assess the socio-technical effects of using AI based voice interfaces in code reviews. We propose a qualitative approach, based on the Disruptive Research Playbook (Storey et al., 2024), involving Danish software developers to investigate voice-based feedback's impact on topics including trust, collaboration, and perceived skill shifts. Initial methodological reflections emphasize the need for cautious exploration using the provotype as an intervention for gathering data in the form of reactions, expectations, and concern about the effects of AI interactions, in the established professional practise of code review. Next steps are to finalize the provotype, complete the research design and collect and analyze qualitative data from interventions with danish software developer teams.

Public Code Review (PCR) is developed in the Software Question Answering (SQA) community, assisting developers in exploring high-quality and efficient review services. Current methods on PCR mainly focus on the reviewer's perspective, including finding a capable reviewer, predicting comment quality, and recommending/generating review comments. However, it is not well studied that how to satisfy the review necessity requests posted by developers which can increase their visibility, which in turn acts as a prerequisite for better review responses. To this end, we propose K nowledge-guided P rompt learning for P ublic C ode R eview (KP-PCR) to achieve developer-based code review request quality assurance (i.e., predicting request necessity and recommending tags subtask). Specifically, we reformulate the two subtasks via 1) text prompt tuning which converts both of them into a Masked Language Model (MLM) by constructing prompt templates using hard prompt; and 2) knowledge and code prefix tuning which introduces knowledge guidance from fine-tuned large language models by soft prompt, and uses program dependence graph to characterize code snippets. Finally, both of the request necessity prediction and tag recommendation subtasks output predicted results through an answer engineering module. In addition, we further analysis the time complexity of our KP-PCR that has lightweight prefix based the operation of introducing knowledge guidance. Experimental results on the PCR dataset for the period 2011-2023 demonstrate that our KP-PCR outperforms baselines by 2.3%-8.4% in the request necessity prediction and by 1.4%-6.9% in the tag recommendation. The code implementation is released at https://github.com/WUT-IDEA/KP-PCR .

BackgroundThe critical transition from preclinical theory to clinical practice in medical education is often hampered by a crisis of student confidence. Self-efficacy – belief in one’s capabilities – is paramount for effective patient interaction, yet how longitudinal, early community-based experiences during the preclinical phase foster this self-efficacy remains underexplored. This study investigated the impact of an early, longitudinal community-based education program, CFHC, which provides patient interaction from the first to seventh semester, on medical students’ self-efficacy for clinical clerkships.MethodsA descriptive qualitative study was conducted with seven first-semester clinical clerkship students (3 females, 4 males) at Universitas Gadjah Mada, Indonesia, who had participated in the longitudinal CFHC program. Data were collected via semistructured interviews, guided by the Social Cognitive Theory, and subjected to inductive thematic analysis. Rigor was ensured through peer coding, technical and peer review of the analysis, expert consultation, and member checking, with achievement of data saturation.ResultsThe analysis of student experiences yielded ten main themes and thirty subthemes, revealing a significant positive impact of the CFHC program on students’ self-efficacy. These themes were synthesized into four developmental variables (early exposure as a catalyst, adaptive communication as an enabler, reflective practice as a mediator, and professional growth as a transformational outcome). Two novel conceptual models were developed: the Longitudinal Clinical Immersion (LCI) framework, which maps the four key stages of student’s development from initial exposure to professional growth, and the Self-Efficacy Infinity Loop (SEIL) model, which explains the core psychological mechanism of how students convert experience into confidence through a reinforcing cycle of action and reflection.ConclusionsEarly, longitudinal community-based education which provides patient interaction is a promising strategy for cultivating medical student self-efficacy. The LCI framework and SEIL model provide valuable conceptual tools for understanding and designing educational experiences that foster not only clinical skills but also the robust self-efficacy essentials for competent, compassionate, and adaptive future physicians. Integrating such programs is a valuable component of effective medical education.

With the significant breakthroughs of deep learning technologies such as large language models (LLMs) in the field of code analysis, AI has evolved from an auxiliary tool to a key technology that deeply participates in code optimization and resolving performance issues. As modern software system architectures become increasingly complex, the requirements for their performance have also become more stringent. During the coding stage, developers find it difficult to effectively identify and resolve potential performance issues using traditional methods. This review focuses on the application of artificial intelligence in two key areas: AI-assisted intelligent code generation and AI-povered code review. The review systematically analyzed the application of LLMs in software development, revealing a situation where efficiency gains coexist with quality challenges. In terms of code generation, models such as Code Llama and Copilot have significantly accelerated the development process. In the field of code review, AI can effectively handle code standards and low-severity defects. However, in the future, this field still needs to address the issues of the reliability and security of the code generated by LLMs, as well as the insufficient explainability of the results of automated performance analysis. The future research focus in this field lies in addressing issues such as the lack of interpretability and insufficient domain knowledge of LLMs. It is necessary to prioritize enhancing the reliability of AI recommendations and promoting the transformation of AI from an auxiliary tool to an intelligent Agent with self-repair capabilities, in order to achieve a truly efficient and secure human-machine collaboration paradigm. This article systematically reviews the relevant progress, aiming to promote the transformation of software engineering from an artificial-driven model to an AI-enhanced automated paradigm. It provides theoretical references for ensuring the quality of backend code, improving product delivery speed, and enhancing system reliability.

A code of ethics, as proof of nursing professionalism, is used to promote nursing's core values. In the United States, the American Nurses Association's (ANA) Code of Ethics is accepted as the primary source for professional nursing values. Particular processes are used within nursing to embed professional values into nursing discourse. A historical review of the ANA Code of Ethics, a review of published articles about professional nursing values, and an examination of the development and globalization of the Nurses Professional Values Scale informed our examination of nursing's efforts to delineate, instill, and measure professional nursing values. The analysis was informed theoretically by Bourdieu and his concept of "playing the game." Constructing and reinforcing professional nursing values reveals difficulties about what constitutes core nursing values and what they mean, particularly with respect to values that comprise the good nurse; the inability to measure and evaluate said values; and the colonization of Western values globally. The inordinate amount of time and energy spent on nursing values surfaced the vexing nature of such efforts. The concept of profession and its accompanying values must be regarded with suspicion.

This study focuses on the technical concealment and fixed evidence of copyright infringement on online education platforms and puts forward an analysis framework including “technical feature deconstruction-infringement identification-criminal regulation path” and a binary judgment standard of “technical intrusion intensity-subjective cognition degree.” By generating a countermeasure network (GAN) to detect the anomaly of user behavior logs, the technology-neutral boundary that conforms to the modesty of criminal law is established, and the crime identification rules based on the reverse cracking of encryption technology, the accomplice evaluation model with distributed storage characteristics, and the criminal-criminal cooperation mechanism with smart contract code review as the core are formulated. Experiments show that the matching degree of elements of the framework reaches 98.2% in a single scene, but the technology-neutral evaluation module needs to be optimized in mixed scenes, which provides a systematic solution with both theory and practice for online education copyright protection.

Abstract - Generative Artificial Intelligence (GenAI) has emerged as a transformative technology in software development, providing intelligent tools like GitHub Copilot, ChatGPT, and Amazon Code Whisperer. These tools assist developers in tasks such as code generation, bug detection, automated testing, refactoring, documentation, and project management, thereby improving productivity, accuracy, and accessibility. Currently, GenAI is integrated across multiple stages of software engineering—from requirements analysis and design to implementation and maintenance—allowing even less technically skilled professionals to contribute effectively. While these tools offer significant benefits, they also face challenges such as nondeterministic outputs, hallucinations, limited understanding of higher-level design principles, security risks, and dependency concerns. Despite these limitations, the current state of GenAI demonstrates its potential to complement human developers, accelerate development cycles, and reduce repetitive workloads. Looking forward, the future scope of GenAI includes autonomous code generation, AI-assisted DevOps, improved integration with software architecture, and smarter project management, which can enable more sustainable, scalable, and intelligent software development. Moreover, GenAI has the potential to revolutionize collaborative software development by assisting teams in real-time code reviews and project coordination. Integration with cloud-based development environments and version control systems further increases accessibility and scalability. Finally, ethical considerations such as fairness, transparency, and accountability are becoming increasingly important as AI-driven software development expands. Keywords: Generative AI, Software Development, Automation, LLM, GitHub Copilot, ChatGPT, Code Whisperer

Objective:This study provides an up-to-date diagnosis framework for the study of emergency general surgery (EGS) patients. A final list of International Classification of Diseases, Tenth Revision (ICD-10) codes was the main outcome for the study. Codes were compared with the number codes generated by MapIT alone.Background:Since transition to ICD-10, a Delphi process to define EGS diagnoses, as originally described for the ICD, Ninth Revision (ICD-9) codeset, has not been performed. Automated mapping software (MapIT) has been utilized, with a few studies verifying the translation.Methods:Using previously defined ICD-9 EGS codes, MapIT was used to identify ICD-10 EGS codes. Review of adjacent codes in a Delphi process resulted in a finalized list of ICD-10 codes. Delphi and MapIT codes were quantified in the Nationwide Inpatient Sample to compare rates to the ICD-9 era.Results:MapIT identified 935 ICD-10 codes from 485 ICD-9 codes. Manual review identified an additional 1907 adjacent codes. In total, after the modified Delphi process, 1579 (55.6%) of manually and MapIT-identified codes were included in the final codeset. After initial mapping, 880 (55.7%) of the final codes did not automatically map through the software. MapIT codes resulted in a significantly decreased number of patient encounters in the Nationwide Inpatient Sample compared with Delphi codes in the ICD-10 era.Conclusions:The Delphi-created ICD-10 EGS codeset provides a more robust, accurate translation of the ICD-9 codes than MapIT software. This codeset can be used to inform EGS research to study and improve EGS patients’ care.

Background: Inflammation is associated with cardiovascular diseases (CVD). We previously described Chronic Inflammatory-Related Disease (ChrIRD), a composite of non-cardiovascular, non-diabetes, and non-cancer pathologies, both infectious and non-infectious, with a common basis of inflammation. ChrIRD had a bidirectional association with CVD, was predated by elevated inflammatory biomarker levels, and portended high mortality. ChrIRD represents a unique opportunity to study underlying inflammatory processes that link clinical inflammatory disease and CVD. Research Questions: We hypothesize that a subclinical biochemical profile consistent with inflammasome activity is associated with future ChrIRD and CVD while profiles of other inflammatory pathways associated with atherogenesis may associate differentially. Methods: In 2000-2002 the Multi-Ethnic Study of Atherosclerosis (MESA) enrolled 6,814 participants aged 45-84 and free of overt CVD. ChrIRD diagnosis was based on review of hospital and death ICD codes. Incident CVD was adjudicated by review of medical records. Inflammation biomarker levels were measured in baseline blood samples and categorized as associated primarily with inflammasome activity, adaptive immune system activation, thrombosis, or endothelial dysfunction. We performed separate age, race, sex adjusted proportional hazards regressions for these baseline biomarker groups and future ChrIRD, future CVD, and mortality. Results: Participants had mean age 62±10 years and 47% were male. Baseline biomarker associations are summarized in Table 1. Each outcome occurred in about 20% of participants. Biomarkers associated with inflammasome activity and adaptive immune system activity were associated with future ChrIRD, CVD, and mortality. Among biomarkers associated with thrombosis, only PAI-1 was associated with future ChrIRD and CVD but not mortality. For endothelial dysfunction, matrix metalloproteinases were not associated whereas cellular adhesion markers ICAM and E-Selectin were associated with ChrIRD, CVD, and mortality. Conclusions: Subclinical biochemical profiles consistent with increased inflammasome activity and various inflammatory mechanisms associated with atherogenesis predict both future ChrIRD and CVD.

Introduction: In the United States, In-Hospital Cardiac Arrest occurs approximately 292,000 times annually with high variability in survival. Code review programs allow insight into performance where key metrics such as compression rate can be evaluated, then compared to benchmarks. The AHA recommends a compression rate of 100-120 compressions per minute (cpm). Hypothesis: The team hypothesized that compression rate compliance is associated with improved ROSC and survival to discharge in IHCA cases. Method: In 2024, a multisite observational study was conducted using an internal resuscitation registry which included 513 adult cardiac arrests across 14 hospitals. Chest compression rate was collected in 60-sec intervals resulting in 7,271 minutes of CPR. Cases were categorized by outcome: achieved ROSC, survival to discharge, or deceased. Outcome groups were evaluated for compression rate performance compliance. Compliant – 80% within compression rate range Non-compliant – < 33.3% compliant to rate range (calculated 1 st quartile) Results: ROSC was more frequently achieved at compression rates slightly above the AHA recommended range (figure1). Specifically, 70% of ROSC compression minutes are found within 104-126 cpm (mean ~116). This custom range captured a significantly higher proportion of ROSC minutes compared to the standard range (69.65% vs. 63.16%, p <0.05, CI 95%) and encompassed more cases that survived to discharge (p<0.05) (figure 2). Compliance with both the AHA recommended and custom range was significantly associated with ROSC ( p <0.05). Distribution for ROSC vs non-ROSC cases had a significant overlap and highlighted differences in the frequency across compression rates (figure 3). Non-ROSC cases had higher average compression rates and greater variability, while ROSC cases had a tighter interquartile range centered around 116 cpm ( p <0.05). ROSC frequency declined with rates exceeding 1 Standard Deviation above the mean. Conclusions: This study shows an association between high-quality compression rate adherence and higher ROSC and survival to discharge after IHCA. Findings suggest a slight upward adjustment to the recommended compression rate range may enhance ROSC and survival to discharge. By incorporating data from both academic and community hospitals, this study adds valuable insight to an under-researched area. Future research should explore additional chest compression performance metric assessments and impact on clinical outcomes.

Background/Objectives: The Commission d’examen des troubles mentaux (CETM), under Quebec’s Tribunal Administratif du Québec, reviews individuals found not criminally responsible on account of mental disorder (NCRMD). These hearings seek to balance public safety with reintegration, guided largely by treatment team recommendations. Despite the CETM’s central role in forensic psychiatry, limited empirical data exist on how its decisions align with clinical advice and which dynamic risk factors influence outcomes. This study aimed to (1) profile the CETM’s 2023 caseload, (2) evaluate concordance between CETM dispositions and treatment team recommendations, and (3) examine clinical, social, and legal factors associated with decision-making. Methods: We conducted a retrospective review of 1721 judgments issued by the CETM in 2023, retrieved from the publicly accessible Société Québécoise d’information juridique (SOQUIJ) database. Eligible cases included annual NCRMD review hearings, excluding trial fitness assessments and repeated hearings within the same year. A structured coding grid documented sociodemographic, administrative, legal, and clinical information, with emphasis on dynamic risk factors such as treatment adherence, substance use, and recent aggression. Descriptive analyses summarized population characteristics and concordance between clinical recommendations and CETM decisions. Results: The cohort was predominantly male (85%) with a mean age of 41 years. Psychotic disorders were the most frequent primary diagnoses (76%), frequently accompanied by substance use and antisocial traits. Most patients (79.6%) had prior psychiatric hospitalizations, while 25.5% had prior incarcerations. Nearly half displayed recent aggression or non-compliance. Treatment teams most often recommended conditional discharge (55%), followed by detention with conditions (21%) and unconditional release (19%). CETM decisions aligned with recommendations in 83.6% of cases; when divergent, rulings were more restrictive (8.6%) than permissive (4.6%). Conclusions: This study provides the first large-scale profile of Quebec’s CETM. High concordance with clinical teams was observed, but restrictive decisions were more frequent in cases of disagreement. The findings underscore the importance of incorporating standardized risk assessment tools to enhance transparency, consistency, and balance in forensic decision-making.

Technical Debt (TD) represents the effort required to address quality issues that affect a software system and progressively hinder code evolution over time. A pull request (PR) is a discrete unit of work that must meet specific quality standards to be integrated into the main codebase. PRs offer a valuable opportunity to assess how developers handle TD and how codebase quality evolves. In this work, we conducted two empirical analyses to understand how developers address TD within PRs and whether TD is effectively managed during PR reviews by both developers and reviewers. We examined 12 Java projects from Apache. The first study employed the SonarQube tool on 2,035 merged PRs to evaluate TD variation, identify the most frequently neglected and resolved types of TD issues, and analyze how TD evolves over time. The second study involved a qualitative analysis of review threads of 250 PRs, focusing on the types of PRs that frequently discuss TD, the characteristics of TD fix suggestions, and the reasons some suggestions are rejected. Our findings reveal that TD issues are prevalent in PRs, following a ratio of 1:2:1 (reduced: unchanged: increased). Among all TD issues, those related to code duplication and cognitive complexity are most frequently overlooked, while code duplication and obsolete code are the most commonly resolved. Regarding PR code review, we found that around 76% of review threads address TD, with code, design, and documentation being the most frequently discussed areas. Additionally, 96% of discussions include a fix suggestion, and over 80% of the discussed issues are resolved. These insights can help practitioners become more aware of TD management and may inspire the development of new tools to facilitate TD handling during PRs.