Idea: interactive support for secure software development

  • Authors:
  • Jing Xie; Bill Chu; Heather Richter Lipford

  • Affiliations:
  • Department of Software and Information Systems, Center for Cyber Defense and Network Assurance, University of North Carolina at Charlotte, Charlotte, NC;Department of Software and Information Systems, Center for Cyber Defense and Network Assurance, University of North Carolina at Charlotte, Charlotte, NC;Department of Software and Information Systems, Center for Cyber Defense and Network Assurance, University of North Carolina at Charlotte, Charlotte, NC

  • Venue:
  • ESSoS'11: Proceedings of the Third International Conference on Engineering Secure Software and Systems
  • Year:
  • 2011

Quantified Score

Hi-index 0.01

Abstract

Security breaches are often caused by software bugs, which may frequently be due to developers' memory lapses, lack of attention/focus, and knowledge gaps. Developers have to contend with heavy cognitive loads to deal with issues such as functional requirements, deadlines, security, and runtime performance. We propose to integrate secure programming support seamlessly into Integrated Development Environments (IDEs) in order to help developers cope with their heavy cognitive load and reduce security errors. As proof of concept, we developed a plugin for Eclipse's Java development environment. Developers will be alerted to potential secure programming concerns, such as input validation, data encoding, and access control, as well as encouraged to comply with secure coding standards.