Implementing secure code is an important and oft-overlooked non-functional requirement. Secure programming errors are a subset of program errors that result in many common privacy and security breaches in commercial software. We are seeking to provide interactive support for secure programming in the development environment. In this paper, we evaluate our prototype tool, ASIDE, which provides real-time warnings and code generation to reduce secure programming errors introduced by programmers. We evaluate the potential use and effectiveness of ASIDE on both novice and professional developers in two comparative user studies. Our results demonstrate that interactive support can help address this important non-functional requirement, and suggest guidelines for such tools to support programmers.