Studying secure coding in the laboratory: Why, what, where, how, and who?

dc.contributor.author: Ryan, Ita [en]
dc.contributor.author: Stol, Klaas-Jan [en]
dc.contributor.author: Roedig, Utz [en]
dc.contributor.funder: Science Foundation Ireland [en]
dc.date.accessioned: 2023-07-25T13:35:45Z
dc.date.available: 2023-07-25T13:35:45Z
dc.date.issued: 2023-05-20 [en]
dc.description.abstract: Software security is an area of growing concern, with over 191,000 known vulnerabilities in public software at the time of writing. Many aids to secure coding exist. Assessing the effectiveness of such aids in a laboratory environment is difficult. There are a number of concerns to address, such as recruitment issues and the level of instrumentation needed to perform an accurate measurement. Based on an extensive literature review of software development aids, we describe recent approaches to running laboratory studies, their characteristics, and their benefits and drawbacks. This paper should be of use to anyone planning to undertake coding studies with software developers. Index Terms—Software security, secure development tools, secure development processes, secure development, software programmer, software developer, application security, security issue, secure programming, secure application development, secure development lifecycle. [en]
dc.description.sponsorship: Science Foundation Ireland (13/RC/2077 P2; 13/RC/2094 P2) [en]
dc.description.status: Peer reviewed [en]
dc.description.version: Accepted Version [en]
dc.format.mimetype: application/pdf [en]
dc.identifier.citation: Ryan, I., Stol, K.-J. and Roedig, U. (2023) ‘Studying secure coding in the laboratory: why, what, where, how, and who?’, 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS). Melbourne, Australia, 15 May, pp. 23–30. doi: 10.1109/EnCyCriS59249.2023.00008 [en]
dc.identifier.doi: 10.1109/EnCyCriS59249.2023.00008
dc.identifier.endpage: 30 [en]
dc.identifier.startpage: 23 [en]
dc.identifier.uri: https://hdl.handle.net/10468/14775
dc.language.iso: en [en]
dc.relation.project: info:eu-repo/grantAgreement/SFI/SFI Centres for Research Training Programme::Data and ICT Skills for the Future/18/CRT/6222/IE/SFI Centre for Research Training in Advanced Networks for Sustainable Societies/ [en]
dc.relation.project: info:eu-repo/grantAgreement/SFI/SFI Starting Investigator Research Grant (SIRG)/15/SIRG/3293/IE/Software Development with Alternative Workforces/ [en]
dc.relation.uri: https://doi.org/10.1109/EnCyCriS59249.2023.00008
dc.rights: © 2023, the Authors. For the purpose of Open Access, the authors have applied a CC-BY public copyright licence to any Author Accepted Manuscript version arising from this submission. Copyright published VOR © 2023 IEEE [en]
dc.rights.uri: https://creativecommons.org/licenses/by/4.0/ [en]
dc.subject: Software security [en]
dc.subject: Secure coding [en]
dc.title: Studying secure coding in the laboratory: Why, what, where, how, and who? [en]
dc.type: Conference item [en]
Files
Original bundle
Name: Lab Studies EnCyCriS Camera Ready84.pdf
Size: 149.57 KB
Format: Adobe Portable Document Format
Description: Accepted Version
License bundle
Name: license.txt
Size: 2.71 KB
Format: Item-specific license agreed upon to submission
Description: