Communications of the ACM
Researchers Tackle Issues Surrounding Security Tools for Software Developers
Researchers at North Carolina State University are investigating how software developers use (or do not use) security tools.
Credit: Yuri Samollov
With funding from the U.S. National Science Foundation, North Carolina State University (NCSU) researchers are seeking to address three distinct aspects of security tools for software developers.
"Our work is focused on understanding the developers who are trying to identify security vulnerabilities in their code, and how they use [or don't use] tools that can help them find those vulnerabilities," says NCSU professor Emerson Murphy-Hill. "The one thing that ties all of our work together is that we want to help give programmers the best possible tools and help them use those tools effectively."
NCSU and Microsoft Research scientists have learned developers who worked on projects where security was important were not more likely than other developers to use security tools. Murphy-Hill notes people who had seen how others use the tools, and those whose bosses expected them to use them, were most likely to employ the tools.
Another study focused on whether the tools supply developers with the information to ascertain if an actual problem and remediation strategy exist. The researchers found programmers were often confused by the presentation of multiple possible fixes that lacked data about the relevant pluses and minuses of each remedy.
Murphy-Hill and colleagues propose the creation of evolutionary "bespoke" tools that adapt to each developer's specific skill areas.
From NCSU News
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found