Larissa Braz, Enrico Fregnan, G. Çalikli, Alberto Bacchelli
2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), published 2021-05-01. DOI: 10.1109/ICSE-Companion52605.2021.00090 (https://doi.org/10.1109/ICSE-Companion52605.2021.00090)
Data and Materials for: Why Don’t Developers Detect Improper Input Validation?'; DROP TABLE Papers; --
Improper Input Validation (IIV) is a dangerous software vulnerability that occurs when a system does not safely handle input data. Although IIV is easy to detect and fix, it still commonly happens in practice; so, why do developers not recognize IIV? Answering this question is key to understanding how to support developers in creating secure software systems. In our work, we studied to what extent developers can detect IIV and investigated the underlying reasons. To do so, we conducted an online experiment with 146 software developers. In this document, we explain how to obtain the artifact package of our study, the artifact material, and how to use the artifacts.