Electronic data

  • DevelopersNeedSupportToo

    Rights statement: ©2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 143 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Developers Need Support, Too: A Survey of Security Advice for Software Developers

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Developers Need Support, Too: A Survey of Security Advice for Software Developers. / Acar, Yasemin; Stransky, Christian; Wermke, Dominik et al.
Proceedings of the IEEE Secure Development Conference 2017. ed. / Trent Jaeger. IEEE, 2017. p. 22-26 17.

Harvard

Acar, Y, Stransky, C, Wermke, D, Weir, CAF, Mazurek, M & Fahl, S 2017, Developers Need Support, Too: A Survey of Security Advice for Software Developers. in T Jaeger (ed.), Proceedings of the IEEE Secure Development Conference 2017., 17, IEEE, pp. 22-26, IEEE SecDev, Boston, United States, 24/09/17. https://doi.org/10.1109/SecDev.2017.17

APA

Acar, Y., Stransky, C., Wermke, D., Weir, C. A. F., Mazurek, M., & Fahl, S. (2017). Developers Need Support, Too: A Survey of Security Advice for Software Developers. In T. Jaeger (Ed.), Proceedings of the IEEE Secure Development Conference 2017 (pp. 22-26). Article 17 IEEE. https://doi.org/10.1109/SecDev.2017.17

Vancouver

Acar Y, Stransky C, Wermke D, Weir CAF, Mazurek M, Fahl S. Developers Need Support, Too: A Survey of Security Advice for Software Developers. In Jaeger T, editor, Proceedings of the IEEE Secure Development Conference 2017. IEEE. 2017. p. 22-26. 17 doi: 10.1109/SecDev.2017.17

Author

Acar, Yasemin ; Stransky, Christian ; Wermke, Dominik et al. / Developers Need Support, Too : A Survey of Security Advice for Software Developers. Proceedings of the IEEE Secure Development Conference 2017. editor / Trent Jaeger. IEEE, 2017. pp. 22-26

Bibtex

@inproceedings{e30ba0b3b40140b8b5cd2409159c8329,
title = "Developers Need Support, Too: A Survey of Security Advice for Software Developers",
abstract = "Increasingly developers are becoming aware of the importance of software security, as frequent high-profile security incidents emphasize the need for secure code. Faced with this new problem, most developers will use their normal approach: web search. But are the resulting web resources useful and effective at promoting security in practice? Recent research has identified security problems arising from Q&A resources that help with specific secure-programming problems, but the web also contains many general resources that discuss security and secure programming more broadly, and to our knowledge few if any of these have been empirically evaluated. The continuing prevalence of security bugs suggests that this guidance ecosystem is not currently working well enough: either effective guidance is not available, or it is not reaching the developers who need it. This paper takes a first step toward understanding and improving this guidance ecosystem by identifying and analyzing 19 general advice resources. The results identify important gaps in the current ecosystem and provide a basis for future work evaluating existing resources and developing new ones to fill these gaps.",
author = "Yasemin Acar and Christian Stransky and Dominik Wermke and Weir, {Charles Alexander Forbes} and Michelle Mazurek and Sascha Fahl",
note = "{\textcopyright}2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.; IEEE SecDev, SecDev2017 ; Conference date: 24-09-2017 Through 26-09-2017",
year = "2017",
month = sep,
day = "24",
doi = "10.1109/SecDev.2017.17",
language = "English",
isbn = "9781538634684",
pages = "22--26",
editor = "Trent Jaeger",
booktitle = "Proceedings of the IEEE Secure Development Conference 2017",
publisher = "IEEE",
url = "https://secdev.ieee.org/2017/home/",

}

RIS

TY - GEN

T1 - Developers Need Support, Too

T2 - IEEE SecDev

AU - Acar, Yasemin

AU - Stransky, Christian

AU - Wermke, Dominik

AU - Weir, Charles Alexander Forbes

AU - Mazurek, Michelle

AU - Fahl, Sascha

N1 - Conference code: 2

PY - 2017/9/24

Y1 - 2017/9/24

N2 - Increasingly developers are becoming aware of the importance of software security, as frequent high-profile security incidents emphasize the need for secure code. Faced with this new problem, most developers will use their normal approach: web search. But are the resulting web resources useful and effective at promoting security in practice? Recent research has identified security problems arising from Q&A resources that help with specific secure-programming problems, but the web also contains many general resources that discuss security and secure programming more broadly, and to our knowledge few if any of these have been empirically evaluated. The continuing prevalence of security bugs suggests that this guidance ecosystem is not currently working well enough: either effective guidance is not available, or it is not reaching the developers who need it. This paper takes a first step toward understanding and improving this guidance ecosystem by identifying and analyzing 19 general advice resources. The results identify important gaps in the current ecosystem and provide a basis for future work evaluating existing resources and developing new ones to fill these gaps.

AB - Increasingly developers are becoming aware of the importance of software security, as frequent high-profile security incidents emphasize the need for secure code. Faced with this new problem, most developers will use their normal approach: web search. But are the resulting web resources useful and effective at promoting security in practice? Recent research has identified security problems arising from Q&A resources that help with specific secure-programming problems, but the web also contains many general resources that discuss security and secure programming more broadly, and to our knowledge few if any of these have been empirically evaluated. The continuing prevalence of security bugs suggests that this guidance ecosystem is not currently working well enough: either effective guidance is not available, or it is not reaching the developers who need it. This paper takes a first step toward understanding and improving this guidance ecosystem by identifying and analyzing 19 general advice resources. The results identify important gaps in the current ecosystem and provide a basis for future work evaluating existing resources and developing new ones to fill these gaps.

U2 - 10.1109/SecDev.2017.17

DO - 10.1109/SecDev.2017.17

M3 - Conference contribution/Paper

SN - 9781538634684

SP - 22

EP - 26

BT - Proceedings of the IEEE Secure Development Conference 2017

A2 - Jaeger, Trent

PB - IEEE

Y2 - 24 September 2017 through 26 September 2017

ER -