Evaluating interactive support for secure programming

Authors:
Jing Xie;Heather Lipford;Bei-Tseng Chu
Affiliations:
University of North Carolina at Charlotte, Charlotte, North Carolina, United States;University of North Carolina at Charlotte, Charlotte, North Carolina, United States;University of North Carolina at Charlotte, Charlotte, North Carolina, United States
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2012

Citing 13
Cited 1

Cognitive processing differences between novice and expert computer programmers

International Journal of Man-Machine Studies
The psychology of computer programming

The psychology of computer programming
Secure Coding: Principles and Practices

Secure Coding: Principles and Practices
Barista: An implementation framework for enabling new tools, interaction techniques and views in code editors

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Using task context to improve programmer productivity

Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Debugging reinvented: asking and answering why and why not questions about program behavior

Proceedings of the 30th international conference on Software engineering
Secure programming with static analysis

Secure programming with static analysis
VIDA: Visual interactive debugging

ICSE '09 Proceedings of the 31st International Conference on Software Engineering
A framework and methodology for studying the causes of software errors in programming systems

Journal of Visual Languages and Computing
Code bubbles: rethinking the user interface paradigm of integrated development environments

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
An interactive ambient visualization for code smells

Proceedings of the 5th international symposium on Software visualization
Idea: interactive support for secure software development

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
ASIDE: IDE support for web application security

Proceedings of the 27th Annual Computer Security Applications Conference

Interactive support for secure programming education

Proceeding of the 44th ACM technical symposium on Computer science education

Quantified Score

Hi-index	0.01

Visualization

Abstract

Implementing secure code is an important and oft-overlooked non-functional requirement. Secure programming errors are a subset of program errors that result in many common privacy and security breaches in commercial software. We are seeking to provide interactive support for secure programming in the development environment. In this paper, we have evaluated our prototype tool, ASIDE, which provides real-time warnings and code generation to reduce secure programming errors introduced by programmers. We evaluate the potential use and effectiveness of ASIDE on both novice and professional developers in two comparison user studies. Our results demonstrate that the interactive support can help address this important non-functional requirement, and suggest guidelines for such tools to support programmers.