Idea: Interactive Support for Secure Software Development
Security breaches are often caused by software bugs, which may frequently be due to developers’ memory lapses, lack of attention/focus, and knowledge gaps. Developers have to contend with heavy cognitive loads to deal with issues such as functional requirements, deadlines, security, and runtime performance. We propose to integrate secure programming support seamlessly into Integrated Development Environments (IDEs) in order to help developers cope with their heavy cognitive load and reduce security errors. As proof of concept, we developed a plug-in for Eclipse’s Java development environment. Developers will be alerted to potential secure programming concerns, such as input validation, data encoding, and access control as well as encouraged to comply with secure coding standards.
Keywordssecurity software development secure programming code refactoring code annotation
Unable to display preview. Download preview PDF.
- 2.Evans, K., Reeder, F.: A Human Captial Crisis in Cybersecurity. Center for Strategic and International Studies (2010)Google Scholar
- 4.Knuth, D.: The errors of TeX–Software: Practice and Experience, vol. 19(7), pp. 607–685 (1989)Google Scholar
- 5.McGraw, G., Chess, B., Migues, S.: Building Security in Maturity Model (2009), http://www.www.bsimm2.com
- 6.Preece, J., Sharp, H., Rogers, Y.: Interaction design: Beyond human-computer interaction. Wiley, Indianapolis (2007)Google Scholar