Title | SIDE: Security-Aware Integrated Development Environment |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Ivaki, Naghmeh; Antunes, Nuno |
Conference Name | 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) |
Keywords | best practices, Buildings, code smells, integrated development environment, Metrics, Monitoring, Predictive models, predictive security metrics, pubcrawl, security, Software, software metrics, software security, Tools |
Abstract | An effective way for building secure software is to embed security into software in the early stages of software development. Thus, we aim to study several evidences of code anomalies introduced during the software development phase, that may be indicators of security issues in software, such as code smells, structural complexity represented by diverse software metrics, the issues detected by static code analysers, and finally missing security best practices. To use such evidences for vulnerability prediction and removal, we first need to understand how they are correlated with security issues. Then, we need to discover how these imperfect raw data can be integrated to achieve a reliable, accurate and valuable decision about a portion of code. Finally, we need to construct a security actuator providing suggestions to the developers to remove or fix the detected issues from the code. All of these will lead to the construction of a framework, including security monitoring, security analyzer, and security actuator platforms, that are necessary for a security-aware integrated development environment (SIDE). |
DOI | 10.1109/ISSREW51248.2020.00056 |
Citation Key | ivaki_side_2020 |