Why developers insert security vulnerabilities into their code

Kaarina Karppinen, Lyly Yonkwa, Mikael Lindvall

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

1 Citation (Scopus)

Abstract

Modern software systems are difficult to test due to their distributed nature, and increased security complicates testing even further. Our hypothesis is that some security vulnerabilities are actually introduced due to developers' need to facilitate testing that software requirements have been implemented correctly. If these temporary security vulnerabilities are not removed before the software is delivered, there is a great risk that they may become fielded security vulnerabilities. In this paper, we study the relationship between such security vulnerabilities and developers' need to improve the testability of an application to facilitate unit and integration testing. We trace detected vulnerabilities to characteristics of the software that made testing difficult and therefore led to testability improvements. We discuss how the need to increase testability may relate to a form of developer usability, and the ways of dealing with security vulnerabilities that arise as a consequence of increasing testability. (11 refs.)
Original language: English
Title of host publication: 2nd International Conferences on Advances in Computer-Human Interactions, ACHI 2009
Place of Publication: Piscataway
Publisher: IEEE Institute of Electrical and Electronic Engineers
Pages: 289-294
ISBN (Electronic): 978-0-7695-3529-6
ISBN (Print): 978-1-4244-3351-3
Publication status: Published - 2009
MoE publication type: A4 Article in a conference publication
Event: 2nd International Conferences on Advances in Computer-Human Interactions, ACHI 2009 - Cancun, Mexico
Duration: 1 Feb 2009 to 7 Feb 2009

Conference

Conference: 2nd International Conferences on Advances in Computer-Human Interactions, ACHI 2009
Country/Territory: Mexico
City: Cancun
Period: 1/02/09 to 7/02/09
