Details
Originalsprache | Englisch |
---|---|
Titel des Sammelwerks | Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017 |
Herausgeber (Verlag) | Institute of Electrical and Electronics Engineers Inc. |
Seiten | 22-26 |
Seitenumfang | 5 |
ISBN (elektronisch) | 9781538634677 |
Publikationsstatus | Veröffentlicht - 20 Okt. 2017 |
Veranstaltung | 2017 IEEE Cybersecurity Development Conference, SecDev 2017 - Cambridge, USA / Vereinigte Staaten Dauer: 24 Sept. 2017 → 26 Sept. 2017 |
Publikationsreihe
Name | Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017 |
---|
Abstract
Increasingly developers are becoming aware of the importance of software security, as frequent high-profile security incidents emphasize the need for secure code. Faced with this new problem, most developers will use their normal approach: web search. But are the resulting web resources useful and effective at promoting security in practice? Recent research has identified security problems arising from Q&A resources that help with specific secure-programming problems, but the web also contains many general resources that discuss security and secure programming more broadly, and to our knowledge few if any of these have been empirically evaluated. The continuing prevalence of security bugs suggests that this guidance ecosystem is not currently working well enough: either effective guidance is not available, or it is not reaching the developers who need it. This paper takes a first step toward understanding and improving this guidance ecosystem by identifying and analyzing 19 general advice resources. The results identify important gaps in the current ecosystem and provide a basis for future work evaluating existing resources and developing new ones to fill these gaps.
ASJC Scopus Sachgebiete
- Informatik (insg.)
- Computernetzwerke und -kommunikation
- Ingenieurwesen (insg.)
- Sicherheit, Risiko, Zuverlässigkeit und Qualität
Zitieren
- Standard
- Harvard
- Apa
- Vancouver
- BibTex
- RIS
Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017. Institute of Electrical and Electronics Engineers Inc., 2017. S. 22-26 8077802 (Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017).
Publikation: Beitrag in Buch/Bericht/Sammelwerk/Konferenzband › Aufsatz in Konferenzband › Forschung › Peer-Review
}
TY - GEN
T1 - Developers Need Support, Too
T2 - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
AU - Acar, Yasemin
AU - Stransky, Christian
AU - Wermke, Dominik
AU - Weir, Charles
AU - Mazurek, Michelle L.
AU - Fahl, Sascha
PY - 2017/10/20
Y1 - 2017/10/20
N2 - Increasingly developers are becoming aware of the importance of software security, as frequent high-profile security incidents emphasize the need for secure code. Faced with this new problem, most developers will use their normal approach: web search. But are the resulting web resources useful and effective at promoting security in practice? Recent research has identified security problems arising from Q&A resources that help with specific secure-programming problems, but the web also contains many general resources that discuss security and secure programming more broadly, and to our knowledge few if any of these have been empirically evaluated. The continuing prevalence of security bugs suggests that this guidance ecosystem is not currently working well enough: either effective guidance is not available, or it is not reaching the developers who need it. This paper takes a first step toward understanding and improving this guidance ecosystem by identifying and analyzing 19 general advice resources. The results identify important gaps in the current ecosystem and provide a basis for future work evaluating existing resources and developing new ones to fill these gaps.
AB - Increasingly developers are becoming aware of the importance of software security, as frequent high-profile security incidents emphasize the need for secure code. Faced with this new problem, most developers will use their normal approach: web search. But are the resulting web resources useful and effective at promoting security in practice? Recent research has identified security problems arising from Q&A resources that help with specific secure-programming problems, but the web also contains many general resources that discuss security and secure programming more broadly, and to our knowledge few if any of these have been empirically evaluated. The continuing prevalence of security bugs suggests that this guidance ecosystem is not currently working well enough: either effective guidance is not available, or it is not reaching the developers who need it. This paper takes a first step toward understanding and improving this guidance ecosystem by identifying and analyzing 19 general advice resources. The results identify important gaps in the current ecosystem and provide a basis for future work evaluating existing resources and developing new ones to fill these gaps.
UR - http://www.scopus.com/inward/record.url?scp=85035765557&partnerID=8YFLogxK
U2 - 10.1109/SecDev.2017.17
DO - 10.1109/SecDev.2017.17
M3 - Conference contribution
AN - SCOPUS:85035765557
T3 - Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
SP - 22
EP - 26
BT - Proceedings - 2017 IEEE Cybersecurity Development Conference, SecDev 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 24 September 2017 through 26 September 2017
ER -