ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Fri 19 Apr 2024 12:00 - 12:15 at Eugénio de Andrade - Security 4 Chair(s): Liliana Pasquale

The intersection between security and continuous software engineering has been of great interest since early years of the agile development movement, and it remains relevant as software development processes are more frequently guided by agility, as well as, adopting DevOps. Several authors have contributed studies about the framing of secure agile development and secure DevOps (DevSecOps), motivating academic contributions to methods and practices, but also discussions around benefits and challenges. Especially the challenges captured also our interest since, for the last few years, we are conducting research on secure continuous software engineering from a more applied, practical perspective with the overarching aim to introduce solutions that can be adopted at scale. The short positioning at hands summarizes a relevant part of our endeavors in which we validated challenges with several practitioners of different roles. More than framing a set of challenges, we present four key directions for practitioners and researchers to delineate further work.

Fri 19 Apr

Displayed time zone: Lisbon change

11:00 - 12:30
Security 4Research Track / Software Engineering in Practice at Eugénio de Andrade
Chair(s): Liliana Pasquale University College Dublin & Lero
11:00
15m
Talk
A User-centered Security Evaluation of Copilot
Research Track
Owura Asare University of Waterloo, Mei Nagappan University of Waterloo, N. Asokan University of Waterloo
11:15
15m
Talk
Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities
Research Track
Susheng Wu Fudan University, Wenyan Song Fudan University, Kaifeng Huang Tongji University, Bihuan Chen Fudan University, Xin Peng Fudan University
11:30
15m
Talk
Understanding Transaction Bugs in Database Systems
Research Track
Ziyu Cui Institute of Software Chinese Academy of Sciences, Wensheng Dou Institute of Software Chinese Academy of Sciences, Yu Gao Institute of Software, Chinese Academy of Sciences, China, Dong Wang Institute of software, Chinese academy of sciences, Jiansen Song Institute of Software Chinese Academy of Sciences, Yingying Zheng Institute of Software Chinese Academy of Sciences, Tao Wang Institute of Software at Chinese Academy of Sciences, Rui Yang Institute of Software, Chinese Academy of Sciences, Kang Xu University of Chinese Academy of Sciences, Nanjing, Yixin Hu Sun Yat-sen University, Jun Wei Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences; University of Chinese Academy of Sciences Chongqing School, Tao Huang Institute of Software Chinese Academy of Sciences
Pre-print
11:45
15m
Talk
When Contracts Meets Crypto: Exploring Developers' Struggles with Ethereum Cryptographic APIs
Research Track
Jiashuo Zhang Peking University, China, Jiachi Chen Sun Yat-sen University, Zhiyuan Wan Zhejiang University, Ting Chen University of Electronic Science and Technology of China, Jianbo Gao Peking University, Zhong Chen
12:00
15m
Talk
Industrial Challenges in Secure Continuous Development
Software Engineering in Practice
Fabiola Moyón Siemens Technology and Technical University of Munich, Florian Angermeir fortiss GmbH, Daniel Mendez Blekinge Institute of Technology and fortiss
Pre-print
12:15
15m
Talk
Automated Security Findings Management: A Case Study in Industrial DevOps
Software Engineering in Practice
Markus Voggenreiter Siemens Technology / LMU Munich, Florian Angermeir fortiss GmbH, Fabiola Moyón Siemens Technology and Technical University of Munich, Ulrich Schöpp fortiss GmbH, Pierre Bonvin Munich University of Applied Sciences
Pre-print