Information on Potential Vulnerabilities for New Requirements: Does It Help Writing Secure Code?

Md Rayhan Amin, Tanmay Bhowmik
Published in: 2021 IEEE 29th International Requirements Engineering Conference (RE)
Publication date: 2021-09-01
DOI: 10.1109/RE51729.2021.00046 (https://doi.org/10.1109/RE51729.2021.00046)
Citations: 1

Abstract

Recent research advocates a proactive approach toward addressing software vulnerability, i.e., identification and resolution of vulnerability before exploitation. To that end, recent research has presented a framework to provide developers with information related to vulnerabilities that are identified with the existing implementation of functionally similar requirements. The idea is that a developer implementing a new requirement may learn from such vulnerability information and write her code in a secure manner. Given the various technologies and platforms a developer may use to implement the current system, to what extent such information would actually help in writing secure code is an open question. In this paper, we design a human subject study to explore how information related to potential vulnerabilities influences developers in the secure implementation of new requirements. We further present a pilot run of our study with 50 participants. The results suggest that developers with limited professional experience could be a major beneficiary of the information on potential vulnerabilities.