DocumentCode :
2722702
Title :
Why Developers Insert Security Vulnerabilities into Their Code
Author :
Karppinen, Kaarina ; Yonkwa, Lyly ; Lindvall, Mikael
Author_Institution :
VTT Tech. Res., Centre of Finland
fYear :
2009
fDate :
1-7 Feb. 2009
Firstpage :
289
Lastpage :
294
Abstract :
Modern software systems are difficult to test due to their distributed nature, and increased security complicates testing even further. Our hypothesis is that some security vulnerabilities are actually introduced due to developers' need to facilitate testing that software requirements have been implemented correctly. If these temporary security vulnerabilities are not removed before the software is delivered, there is a great risk that they may become fielded security vulnerabilities. In this paper, we study the relationship between such security vulnerabilities and developers' need to improve the testability of an application to facilitate unit and integration testing. We trace detected vulnerabilities to characteristics of the software that made testing difficult and therefore led to testability improvements. We discuss how the need to increase testability may relate to a form of developer usability, and what the ways of dealing with the problem of security vulnerabilities as a consequence of increasing testability are.
Keywords :
program testing; security of data; software reliability; security vulnerabilities; software requirements; software systems; software testing; testability improvements; Application software; Computer security; Data security; Distributed computing; Humans; Software systems; Software testing; Spatial databases; System testing; Usability; Security; testability; usability;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advances in Computer-Human Interactions, 2009. ACHI '09. Second International Conferences on
Conference_Location :
Cancun
Print_ISBN :
978-1-4244-3351-3
Electronic_ISBN :
978-0-7695-3529-6
Type :
conf
DOI :
10.1109/ACHI.2009.18
Filename :
4782528