Foraging-Theoretic Tool Composition: An Empirical Study on Vulnerability Discovery

Title: Foraging-Theoretic Tool Composition: An Empirical Study on Vulnerability Discovery
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Assarandarban, Mona; Bhowmik, Tanmay; Do, Anh Quoc; Chekuri, Surendra; Wang, Wentao; Niu, Nan
Conference Name: 2021 IEEE 22nd International Conference on Information Reuse and Integration for Data Science (IRI)
Keywords: codes, composability, compositionality, costs, data science, design methodology, design science, empirical study, information foraging theory, information reuse, metrics, object oriented security, profitability, pubcrawl, resiliency, security, software, tool design patterns, tools, vulnerability discovery
Abstract

Discovering vulnerabilities is an information-intensive task that requires a developer to locate the defects in the code that have security implications. The task is difficult due to the growing code complexity and some developers' lack of security expertise. Although tools have been created to ease the difficulty, no single one is sufficient. In practice, developers often use a combination of tools to uncover vulnerabilities. Yet, the basis on which different tools are composed is underexplored. In this paper, we examine the composition basis by taking advantage of the tool design patterns informed by foraging theory. We follow a design science methodology and carry out a three-step empirical study: mapping 34 foraging-theoretic patterns in a specific vulnerability discovery tool, formulating hypotheses about the value and cost of foraging when considering two composition scenarios, and performing a human-subject study to test the hypotheses. Our work offers insights into guiding developers' tool usage in detecting software vulnerabilities.

DOI: 10.1109/IRI51335.2021.00025
Citation Key: assarandarban_foraging-theoretic_2021