Open Access
Checklist Usage in Secure Software Development
Author(s) - Zhongwei Teng, J. Munro Tate, William Nock, Carlos Olea, J. L. White
Publication year - 2021
Publication title - natural language processing
Language(s) - English
Resource type - Conference proceedings
DOI - 10.5121/csit.2021.112322
Subject(s) - checklist, computer science, secure coding, reuse, computer security, coding (social sciences), process (computing), software engineering, software development, software security assurance, software, information security, engineering, security service, psychology, statistics, mathematics, cognitive psychology, operating system, waste management, programming language
Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.
