Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING International Journal of Information Security and Privacy Pub Date : 2022-01-01 DOI:10.4018/ijisp.2022010103

M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka

{"title":"Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics","authors":"M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka","doi":"10.4018/ijisp.2022010103","DOIUrl":null,"url":null,"abstract":"Assigning developers for highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software codes called developer-centric security vulnerability to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables to predict developer-centric security vulnerability level of any developer if the required techno-behavioral features are available avoiding the analysis of his/her previous codebases.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijisp.2022010103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Assigning developers for highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software codes called developer-centric security vulnerability to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables to predict developer-centric security vulnerability level of any developer if the required techno-behavioral features are available avoiding the analysis of his/her previous codebases.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于技术行为特征的安全漏洞开发者预测

为高度安全的软件项目分配开发人员需要确定开发人员倾向于为易受攻击的软件代码(称为以开发人员为中心的安全漏洞)做出贡献，以减轻人力资源管理、财务和项目时间表上的问题。在评估每个开发人员的以开发人员为中心的安全漏洞级别时，评估以前的代码库存在问题。因此，本文提出了一种通过他们以前项目的技术行为特征来评估这一点的方法。因此，我们使用1827个开发人员的数据集，通过逻辑选择13个技术行为特征，提出了以开发人员为中心的安全漏洞级别预测的探索性研究结果。我们的研究结果表明，技术行为特征与以开发人员为中心的安全漏洞之间存在着89.46%的相关性。如果所需的技术行为特性可用，该模型可以预测任何开发人员的以开发人员为中心的安全漏洞级别，从而避免分析他/她以前的代码库。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Information Security and Privacy COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

2.50

自引率

0.00%

发文量

期刊介绍： As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.