Campus Units

Electrical and Computer Engineering

Document Type

Conference Proceeding

Conference

The 35th ACM/SIGAPP Symposium On Applied Computing

Publication Version

Accepted Manuscript

Link to Published Version

https://doi.org/10.1145/3341105.3373922

Publication Date

2020

Journal or Book Title

The 35th ACM/SIGAPP Symposium On Applied Computing

DOI

10.1145/3341105.3373922

Conference Title

The 35th ACM/SIGAPP Symposium On Applied Computing

Conference Date

March 30-April 3, 2020

City

Brno, Czech Republic

Abstract

Developers change the code of their software to add new features, fix bugs, or enhance its structure. Such frequent changes impact occasionally the security of the software. This paper reports a qualitative study of the practices of changing secure-software in the industry. The study involves interviews with eleven developers and security experts working on banking software, software for control systems, and software consultation companies. Through these interviews, we identified that the main security aspects are: dependency vulnerabilities, authentication and authorization, and OWASP 10 vulnerabilities. The common techniques used to assess software after code change are: code review, code analysis, testing, and keywords search. The main challenges that practitioners face are the diversity of the security issues and the lack of effectiveness of the security assurance tools in detecting vulnerabilities. The study suggests that developers of secure software need techniques that support effective security assurance of modified software.

Comments

This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Jamil, Ameerah Muhsinah, Lotfi ben Othmane, Altaz Valani, Moataz Abdelkhalek, and Ayhan Tek. “The Current Practices of Changing Secure Software.” The 35th ACM/SIGAPP Symposium On Applied Computing. Brno, Czech Republic, March 30-April 3, 2020. DOI: 10.1145/3341105.3373922. Posted with permission.

Copyright Owner

The Authors

Language

en

File Format

application/pdf

Published Version

Share

Article Location

 
COinS