Fri 27 Oct 2023 10:40 - 11:00 at Rhythms 3 - 5B - Security Chair(s): Oliver Karras

Background: Software security is crucial to ensure that the users are protected from undesirable consequences such as malware attacks which can result in loss of data and, subsequently, financial loss. Technical Debt (TD) is a metaphor incurred by suboptimal decisions resulting in long-term consequences such as increased defects and vulnerabilities if not managed. Although previous studies have studied the relationship between security and TD, examining their intersection in developers’ discussion on Stack Overflow (SO) is still unexplored.

Aims: This study investigates the characteristics of security-related TD questions on SO. More specifically, we explore the prevalence of TD in security-related queries, identify the security tags most prone to TD, and investigate which user groups are more aware of TD.

Method: We mined 117,233 security-related questions on SO and used a deep-learning approach to identify 45,078 security-related TD questions. Subsequently, we conducted quantitative and qualitative analyses of the collected security-related TD questions, including sentiment analysis.

Results: Our analysis revealed that 38% of the security questions on SO are security-related TD questions. The most recurrent tags among the security-related TD questions emerged as “security” and “encryption.” The latter typically have a neutral sentiment, are lengthier, and are posed by users with higher reputation scores.

Conclusions: Our findings reveal that developers implicitly discuss TD, suggesting developers have a potential knowledge gap regarding the TD metaphor in the security domain. Moreover, we identified the most common security topics mentioned in TD-related posts, providing valuable insights for developers and researchers to assist developers in prioritizing security concerns in order to minimize TD and enhance software security.

Fri 27 Oct

Displayed time zone: Central Time (US & Canada)

10:40 - 12:15
5B - Security
Emerging Results, Vision and Reflection Papers Track / ESEM Technical Papers / ESEM IGC at Rhythms 3
Chair(s): Oliver Karras TIB - Leibniz Information Centre for Science and Technology
10:40
20m
Full-paper
Exploring Technical Debt in Security Questions on Stack Overflow
ESEM Technical Papers
Joshua Aldrich Edbert University of Saskatchewan, Sahrima Jannat Oishwee University of Saskatchewan, Shubhashis Karmakar, Zadia Codabux University of Saskatchewan, Roberto Verdecchia University of Florence
11:00
20m
Full-paper
Personalized Guidelines for Design, Implementation and Evaluation of Anti-phishing Interventions
ESEM Technical Papers
Orvila Sarker, Sherif Haggag The University of Adelaide, Asangi Jayatilaka University of Adelaide, Chelsea Liu
11:20
15m
Industry talk
Privacy and Security documents for Agile Software Engineering: An experiment of LGPD Inventory adoption
ESEM IGC
Juliana de Albuquerque Goncalves Saraiva, Sérgio Soares Universidade Federal de Pernambuco
11:35
15m
Vision and Emerging Results
How do Deep Learning Faults Affect AI-enabled Cyber-Physical Systems in Operation? a Preliminary Study based on DeepCrime Mutation Operators
Emerging Results, Vision and Reflection Papers Track
Aitor Arrieta Mondragon University, Pablo Valle Mondragon University, Asier Iriarte, Miren Illarramendi Mondragon University
11:50
15m
Vision and Emerging Results
Evaluating the Impact of ChatGPT on Exercises of a Software Security Course
Emerging Results, Vision and Reflection Papers Track
Jingyue Li Norwegian University of Science and Technology, Per Håkon Meland, Jakob Svennevik Notland, André Storhaug Norwegian University of Science and Technology, Jostein Hjortland Tysse