Nowadays, every software system must consider the security of personal data or protection against attackers. It is expected that security experts and developers choose, design, and implement adequate security mechanisms – a task that brings a variety of challenges. “Insecure design” was added to the OWASP Top 10 security risks in 2021.
Although a variety of libraries are available, developers must write code to use them or implement other security features in the code. We call these functionalities security features. We want to find out what security features developers need to develop themselves because, for example, no library is available, or they do not meet all requirements.
When a vulnerability becomes known, it is important to fix it quickly to avoid potential damage and costs. Locating the relevant security features is very time-consuming as they are often distributed across multiple parts of the codebase. This highlights the importance of new tools and aids for security experts and developers. These tools can help identify vulnerabilities quickly.
As part of a user study, we aim to identify difficulties in designing and implementing security mechanisms in the industry and develop solutions to support developers in identifying security problems. We are looking for industry experts and developers who are responsible for planning or implementing security mechanisms. Interviews (approx. 45 minutes) will be conducted to identify problems with the development of security features and corresponding solution approaches.
Our goal is to develop new methods and tools that help developers quickly locate and fix vulnerabilities. By answering our questions, you can contribute to the development of these tools.
The study is conducted as part of a project of the Casa Excellence Initiative at the Chair of Software Engineering at Ruhr-University Bochum with Prof. Dr. Thorsten Berger as a mentor. If you are interested in participating in our user study, please send us an email at email@example.com. We will then get in touch with you and provide you with further information.
This project is funded by the Casa Excellence Initiative and the German Research Foundation.