Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who? (EnCyCriS 2023)

Who

Ita Ryan, Klaas-Jan Stol, Utz Roedig

Track

EnCyCriS 2023

Time Zone

The program is currently displayed in (GMT+10:00) Hobart.

Use conference time zone: (GMT+10:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Sat 20 May 2023 16:05 - 16:25 at Meeting Room 108 - EnCyCriS part 2 Chair(s): Sabarathinam Chockalingam

Abstract

Software security is an area of growing concern, with over 191,000 known vulnerabilities in public software at the time of writing. Many aids to secure coding exist. Assessing the effectiveness of such aids in a laboratory environment is difficult. There are a number of concerns to address, such as recruitment issues and the level of instrumentation needed to perform an accurate measurement. Based on an extensive literature review of software development aids, we describe recent approaches to running laboratory studies, their characteristics, and their benefits and drawbacks. This paper should be of use to anyone planning to undertake coding studies with software developers. Index Terms—Software security, secure development tools, secure development processes, secure development, software programmer, software developer, application security, security issue, secure programming, secure application development, secure development lifecycle

Ita Ryan

University College Cork

Ireland

Klaas-Jan Stol

Lero; University College Cork; SINTEF Digital