ICSE 2021
Mon 17 May - Sat 5 June 2021

Pushed by market forces, software development has become fast-paced. As a consequence, modern development projects are assembled from 3rd-party components. Security & privacy assurance techniques, once designed for large, controlled updates over months or years, must now cope with small, continuous changes taking place within a week and happening in sub-components controlled by third-party developers whose existence one might not even know of.

In this paper, we aim to provide an overview of the current software security approaches and evaluate their appropriateness in the face of a changed nature in software development.

We have observed current software engineering trends and introduced the term Multi-party Open Software and Services (MOSS) to capture its dual nature. We have then reviewed novel security events and analysed how today's software security approaches cope with them.

Software security assurance could benefit from switching from a process-based to an artefact-based approach. Further, security evaluation might need to be more incremental, automated and decentralized. We believe this can be achieved by supporting mechanisms for lightweight and scalable screenings that are applicable to the entire population of software components, albeit there might be a price to pay.

Thu 27 May
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

19:20 - 20:15
3.5.3. Security Vulnerabilities: General Issues #1
NIER - New Ideas and Emerging Results / Journal-First Papers / Technical Track at Blended Sessions Room 3 +12h
Chair(s): Davide Fucci (Blekinge Institute of Technology)
19:20
20m
Paper
Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks
Technical Track
Fabio Massacci (University of Trento and Vrije Universiteit Amsterdam), Ivan Pashchenko (University of Trento)
19:40
15m
Short-paper
Secure Software Development in the Era of Fluid Multi-party Open Software and Services
NIER - New Ideas and Emerging Results
Ivan Pashchenko (University of Trento), Riccardo Scandariato (Hamburg University of Technology), Antonino Sabetta (SAP Security Research), Fabio Massacci (University of Trento and Vrije Universiteit Amsterdam)
19:55
20m
Paper
Detecting Software Security Vulnerabilities via Requirements Dependency Analysis
Journal-First Papers
Wentao Wang (University of Cincinnati), Faryn Dumont (University of Cincinnati), Nan Niu (University of Cincinnati), Glen Horton (University of Cincinnati)

Fri 28 May
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

07:20 - 08:15
07:20
20m
Paper
Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks
Technical Track
Fabio Massacci (University of Trento and Vrije Universiteit Amsterdam), Ivan Pashchenko (University of Trento)
07:40
15m
Short-paper
Secure Software Development in the Era of Fluid Multi-party Open Software and Services
NIER - New Ideas and Emerging Results
Ivan Pashchenko (University of Trento), Riccardo Scandariato (Hamburg University of Technology), Antonino Sabetta (SAP Security Research), Fabio Massacci (University of Trento and Vrije Universiteit Amsterdam)
07:55
20m
Paper
Detecting Software Security Vulnerabilities via Requirements Dependency Analysis
Journal-First Papers
Wentao Wang (University of Cincinnati), Faryn Dumont (University of Cincinnati), Nan Niu (University of Cincinnati), Glen Horton (University of Cincinnati)