{"title":"Information on Potential Vulnerabilities for New Requirements: Does It Help Writing Secure Code?","authors":"Md Rayhan Amin, Tanmay Bhowmik","doi":"10.1109/RE51729.2021.00046","DOIUrl":null,"url":null,"abstract":"Recent research advocates a proactive approach toward addressing software vulnerability, i.e., identification and resolution of vulnerability before exploitation. To that end, recent research has presented a framework to provide developers with information related to vulnerabilities that are identified with the existing implementation of functionally similar requirements. The idea is that a developer implementing a new requirement may learn from such vulnerability information and write her code in a secure manner. Given the various technologies and platforms a developer may use to implement the current system, to what extent such information would actually help in writing secure code is an open question. In this paper, we design a human subject study to explore how information related to potential vulnerabilities influences developers in the secure implementation of new requirements. We further present a pilot run of our study with 50 participants. The results suggest that developers with limited professional experience could be a major beneficiary of the information on potential vulnerabilities.","PeriodicalId":440285,"journal":{"name":"2021 IEEE 29th International Requirements Engineering Conference (RE)","volume":"51 8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Requirements Engineering Conference (RE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RE51729.2021.00046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information on Potential Vulnerabilities for New Requirements: Does It Help Writing Secure Code?
Recent research advocates a proactive approach toward addressing software vulnerability, i.e., identification and resolution of vulnerability before exploitation. To that end, recent research has presented a framework to provide developers with information related to vulnerabilities that are identified with the existing implementation of functionally similar requirements. The idea is that a developer implementing a new requirement may learn from such vulnerability information and write her code in a secure manner. Given the various technologies and platforms a developer may use to implement the current system, to what extent such information would actually help in writing secure code is an open question. In this paper, we design a human subject study to explore how information related to potential vulnerabilities influences developers in the secure implementation of new requirements. We further present a pilot run of our study with 50 participants. The results suggest that developers with limited professional experience could be a major beneficiary of the information on potential vulnerabilities.