Write a Blog >>
ESEM 2021
Mon 11 - Fri 15 October 2021
Tue 12 Oct 2021 14:50 - 15:05 at ESEM ROOM - Testing & Security 1 Chair(s): Davide Fucci

Background: Security tools play a vital role in enabling developers to build secure software. However, it can be quite challenging to introduce and fully leverage security tools without affecting the speed or frequency of deployments in the DevOps paradigm.

Aims: We aim to empirically investigate the key challenges practitioners face when integrating security tools into a DevOps workflow in order to provide recommendations for overcoming the challenges.

Method: We conducted a study involving 31 systematically selected webinars on integrating security tools in DevOps. We used a qualitative data analysis method, i.e., thematic analysis, to identify the challenges and emerging solutions related to integrating security tools in rapid deployment environments.

Results: We find that whilst traditional security tools are unable to cater for the needs of DevOps, the industry is moving towards new generations of security tools that have started focusing on the needs of DevOps. We have developed a DevOps workflow that integrates security tools and a set of guidelines by synthesizing practitioners’ recommendations in the analyzed webinars.

Conclusion: Whilst the latest security tools are addressing some of the requirements of DevOps, there are many tool-related drawbacks yet to be adequately addressed.

Tue 12 Oct

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:20 - 15:15
Testing & Security 1Technical Papers / Emerging Results and Vision papers at ESEM ROOM
Chair(s): Davide Fucci Blekinge Institute of Technology
A comparative study of vulnerability reporting by software composition analysis tools
Technical Papers
Nasif Imtiaz North Carolina State University, Seaver Thorn North Carolina State University, Laurie Williams North Carolina State University
Pre-print Media Attached
An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing
Technical Papers
Roland Croft , Dominic Newlands University of Adelaide, Ziyu Chen Monash University, Muhammad Ali Babar University of Adelaide
Pre-print Media Attached
An Empirical Analysis of Practitioners' Perspectives on Security Tool Integration into DevOps
Technical Papers
Roshan Namal Rajapakse The University of Adelaide, Mansooreh Zahedi The Univeristy of Melbourne, Muhammad Ali Babar University of Adelaide
Why Some Bug-bounty Vulnerability Reports are Invalid?
Emerging Results and Vision papers
Saman Shafigh University of New South Wales, Boualem Benatallah University of New South Wales, Carlos Rodriguez University of New South Wales, Mortada Al-Banna University of New South Wales

Information for Participants
Tue 12 Oct 2021 14:20 - 15:15 at ESEM ROOM - Testing & Security 1 Chair(s): Davide Fucci
Info for room ESEM ROOM: