Title :
Progress report on the experimental evaluation of security inspection guidance
Author :
Elberzhager, Frank ; Jawurek, Marek ; Jung, Christian ; Klaus, Alexander
Author_Institution :
Fraunhofer Inst. for Exp. Software Eng., Kaiserslautern, Germany
Abstract :
Although security inspections have proven to be a very efficient means for assuring software security early in the software development lifecycle, they are not used extensively because they usually need to be performed by security experts, who are few and thus expensive. Adoption of security inspections could be facilitated if one could encapsulate the expertise and experience of security experts as guidance for security inspections performed by software developers. Our approach to addressing this challenge consists of two different kinds of reading support that provide the required guidance to software developers: Vulnerability Inspection Diagram (VID) and Security Inspection Scenario (SIS). In this article, we sketch our initial experimental evaluation of VIDs and SIS with a group of software developers of an industrial project partner. We present the setup and the experiment´s results. In addition, we describe the implications of our results on future work regarding the approach and further evaluation.
Keywords :
security of data; software maintenance; software metrics; software quality; software reliability; SIS; VID; experimental evaluation; industrial project partner; progress report; security inspection guidance; security inspection scenario; software complexity; software development lifecycle; software security; vulnerability inspection diagram; Computer industry; Costs; Inspection; Java; Job shop scheduling; Programming; Security; Software engineering; Software measurement; Software performance;
Conference_Titel :
Empirical Software Engineering and Measurement, 2009. ESEM 2009. 3rd International Symposium on
Conference_Location :
Lake Buena Vista, FL
Print_ISBN :
978-1-4244-4842-5
Electronic_ISBN :
1938-6451
DOI :
10.1109/ESEM.2009.5314239
