Unhelpful Assumptions in Software Security Research

Cited by: 2
Authors
Ryan, Ita [1]
Roedig, Utz [1]
Stol, Klaas-Jan [1]
Affiliation
[1] Univ Coll Cork, Sch Comp Sci & IT, Cork, Ireland
Funding
Science Foundation Ireland;
Keywords
software security; secure software development;
DOI
10.1145/3576915.3623122
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Subject classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
In the study of software security many factors must be considered. Once venturing beyond the simplest of laboratory experiments, the researcher is obliged to contend with exponentially complex conditions. Software security has been shown to be affected by priming, tool usability, library documentation, organisational security culture, the content and format of internet resources, IT team and developer interaction, Internet search engine ordering, developer personality, security warning placement, mentoring, developer experience and more. In a systematic review of software security papers published since 2016, we have identified a number of unhelpful assumptions that are commonly made by software security researchers. In this paper we list these assumptions, describe why they sometimes do not reflect reality, and suggest implications for researchers.
Pages: 3460 / 3474
Number of pages: 15