ICSE 2020
Wed 24 June - Thu 16 July 2020
Tue 7 Jul 2020 07:36 - 07:48 at Goguryeo - I2-Security Chair(s): Andrea Stocco

A wide range of tools exist to assist developers in creating secure software. Many of these tools, such as static analysis engines or security checkers included in compilers, use warnings to communicate security issues to developers. The effectiveness of these tools relies on developers heeding these warnings, and there are many ways in which these warnings could be displayed. While ample research has been invested into understanding how end users interact with security warnings, there is far less information on developers. For this paper, we intend to gather insights into what developers want from security warnings, including what form they should take and how they should integrate into their workflow and work context. To this end, we conducted a Grounded Theory study with 14 professional software developers and 12 computer science students as well as a focus group with 7 academic researchers to gather qualitative insights. To back up the theories developed from the qualitative research, we ran a quantitative survey with 50 professional software developers. Our results show that there is significant heterogeneity amongst developers and that no one warning type is preferred over all others. The context in which the warnings are shown is also highly relevant, indicating that it is likely to be beneficial if IDEs and other development tools become more flexible in their warning interactions with developers. Based on our findings, we provide concrete recommendations for both future research as well as how IDEs and other security tools can improve their interaction with developers.

Tue 7 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time

07:00 - 08:00: I2-Security: Paper Presentations / New Ideas and Emerging Results / Technical Papers at Goguryeo
Chair(s): Andrea Stocco (Università della Svizzera italiana)
07:00 - 07:12
Talk
Technical Papers
Valentin Wüstholz (ConsenSys Diligence), Maria Christakis (MPI-SWS)
Pre-print
07:12 - 07:24
Talk
Technical Papers
Yannic Noller (Humboldt-Universität zu Berlin), Corina S. Pasareanu (Carnegie Mellon University Silicon Valley, NASA Ames Research Center), Marcel Böhme (Monash University), Youcheng Sun (Queen's University Belfast), Hoang Lam Nguyen (Humboldt-Universität zu Berlin), Lars Grunske (Humboldt-Universität zu Berlin)
Pre-print
07:24 - 07:36
Talk
Technical Papers
Xiyue Zhang (Peking University), Xiaofei Xie (Nanyang Technological University), Lei Ma (Kyushu University), Xiaoning Du (Nanyang Technological University), Qiang Hu (Kyushu University, Japan), Yang Liu (Nanyang Technological University, Singapore), Jianjun Zhao (Kyushu University), Meng Sun (Peking University)
Pre-print
07:36 - 07:48
Talk
Technical Papers
Anastasia Danilova (University of Bonn), Alena Naiakshina (University of Bonn), Matthew Smith (University of Bonn, Fraunhofer FKIE)
07:48 - 07:54
Talk
New Ideas and Emerging Results
Gian Luca Scoccia (University of L'Aquila), Matteo Maria Fiore (University of L'Aquila), Patrizio Pelliccione (University of L'Aquila and Chalmers | University of Gothenburg), Marco Autili (University of L'Aquila, Italy), Paola Inverardi (University of L'Aquila), Alejandro Russo (Chalmers University of Technology, Sweden)
07:54 - 08:00
Talk
New Ideas and Emerging Results
Koen Yskout (imec - DistriNet, KU Leuven), Thomas Heyman (Toreon), Dimitri Van Landuyt (Katholieke Universiteit Leuven), Laurens Sion (imec-DistriNet, KU Leuven), Kim Wuyts (imec-DistriNet, KU Leuven), Wouter Joosen (Katholieke Universiteit Leuven)
Pre-print