Unhelpful assumptions in software security research
| dc.contributor.author | Ryan, Ita | en |
| dc.contributor.author | Roedig, Utz | en |
| dc.contributor.author | Stol, Klaas-Jan | en |
| dc.contributor.funder | Science Foundation Ireland | en |
| dc.date.accessioned | 2023-11-29T10:13:37Z | |
| dc.date.available | 2023-11-29T10:13:37Z | |
| dc.date.issued | 2023-11-21 | en |
| dc.description.abstract | In the study of software security many factors must be considered. Once venturing beyond the simplest of laboratory experiments, the researcher is obliged to contend with exponentially complex conditions. Software security has been shown to be affected by priming, tool usability, library documentation, organisational security culture, the content and format of internet resources, IT team and developer interaction, Internet search engine ordering, developer personality, security warning placement, mentoring, developer experience and more. In a systematic review of software security papers published since 2016, we have identified a number of unhelpful assumptions that are commonly made by software security researchers. In this paper we list these assumptions, describe why they sometimes do not reflect reality, and suggest implications for researchers. | en |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Published Version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Ryan, I., Roedig, U and Stol, K.-J. (2023) 'Unhelpful assumptions in software security research', Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 26-30 November, pp. 3460-3474. doi: 10.1145/3576915.3623122 | en |
| dc.identifier.doi | 10.1145/3576915.3623122 | en |
| dc.identifier.endpage | 3474 | en |
| dc.identifier.startpage | 3460 | en |
| dc.identifier.uri | https://hdl.handle.net/10468/15271 | |
| dc.language.iso | en | en |
| dc.publisher | Association for Computing Machinery | en |
| dc.relation.ispartof | Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security | en |
| dc.relation.ispartof | ACM CCS 2023, 26-30 November, Copenhagen, Denmark | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Centres for Research Training Programme::Data and ICT Skills for the Future/18/CRT/6222/IE/SFI Centre for Research Training in Advanced Networks for Sustainable Societies/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres Programme::Phase 2/13/RC/2077_P2/IE/CONNECT_Phase 2/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres Programme::Phase 2/13/RC/2094_P2/IE/Lero_Phase 2/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Starting Investigator Research Grant (SIRG)/15/SIRG/3293/IE/Software Development with Alternative Workforces/ | en |
| dc.rights | © 2023, the Authors. This work is licensed under a Creative Commons Attribution International 4.0 License. | en |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en |
| dc.subject | Software security | en |
| dc.subject | Secure software development | en |
| dc.title | Unhelpful assumptions in software security research | en |
| dc.type | Conference item | en |
