Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING
M. D. J. S. Goonetillake, Rangana Jayashanka, S. V. Rathnayaka
International Journal of Information Security and Privacy, 16(1), pp. 1-26. Journal Article, published 2022-01-01. DOI: 10.4018/ijisp.2022010103 (https://doi.org/10.4018/ijisp.2022010103)
Citations: 0

Abstract

Assigning developers to highly secured software projects requires identifying developers’ tendency to contribute towards vulnerable software code, called developer-centric security vulnerability, to mitigate issues on human resource management, financial and project timelines. There are problems in assessing the previous codebases in evaluating the developer-centric security vulnerability level of each developer. Thus, this paper suggests a method to evaluate this through the techno-behavioral features of their previous projects. Consequently, we present results of an exploratory study of the developer-centric security vulnerability level prediction using a dataset of 1827 developers by logically selecting 13 techno-behavioral features. Our results depict that there is a correlation between techno-behavioral features and developer-centric security vulnerability with 89.46% accuracy. This model enables prediction of the developer-centric security vulnerability level of any developer if the required techno-behavioral features are available, avoiding the analysis of his/her previous codebases.
Source journal
International Journal of Information Security and Privacy (COMPUTER SCIENCE, SOFTWARE ENGINEERING)
CiteScore: 2.50
Self-citation rate: 0.00%
Articles published: 73
Journal description: As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.