PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

Researchers tackle issues surrounding security tools for software developers

2015-08-24
(Press-News.org) For software programmers, security tools are analytic software that can scan or run their code to expose vulnerabilities long before the software goes to market. But these tools can have shortcomings, and programmers don't always use them. New research from National Science Foundation-funded computer science researcher Emerson Murphy-Hill and his colleagues tackles three different aspects of the issue.

"Our work is focused on understanding the developers who are trying to identify security vulnerabilities in their code, and how they use (or don't use) tools that can help them find those vulnerabilities," says Murphy-Hill, an associate professor of computer science at NC State University. "The one thing that ties all of our work together is that we want to help give programmers the best possible tools and help them use those tools effectively."

In the first of three related papers being presented next week at the Symposium on the Foundations of Software Engineering, a team of computer science and psychology researchers from NC State and Microsoft Research surveyed more than 250 developers on their experiences with security tools. The goal was to determine what influences a developer's use of these tools - and the findings were somewhat surprising.

For one thing, developers who said they worked on products in which security was important were not much more likely to use security tools than other programmers.

Instead, "the two things that were most strongly associated with using security tools were peer influence and corporate culture," Murphy-Hill says. Specifically, people who said they had seen what others do with security tools, and people whose bosses expected them to use security tools, were most likely to take advantage of the tools.

"This research gives software development companies and managers information they can use to effectively influence the adoption of security tools by developers," Murphy-Hill says.

But these tools aren't completely accurate. For example, they can tell programmers there's a problem where no problem actually exists. And the tools aren't always user-friendly. In short, the characteristics of the tools themselves can affect whether programmers choose to use them.

To shed light on how security tools support developers in diagnosing potential vulnerabilities, Murphy-Hill's team and collaborators from the University of North Carolina at Charlotte devised a separate study, effectively asking: do tools give developers the information they need to determine if there's a real problem and how to fix it?

In this study, the researchers gave 10 developers of varying backgrounds a specific security tool and a substantial chunk of open-source code to examine. The code contained known security vulnerabilities, which were identified by the security tool. Each of the study participants was asked to use the tool, inspect the source code, and say whether each security notification from the tool was real and how they would address the vulnerabilities.

"In many cases, the tool presented multiple possible fixes for a problem, but didn't give programmers much information about the relevant advantages and disadvantages of each fix," Murphy-Hill says. "We found that this made it difficult for programmers to select the best course of action."

The tool would also give developers multiple notifications that seemed to be related to each other - but the notifications didn't give developers information on exactly how the problems related to each other.

"This can be confusing for programmers, and lead to problems if developers don't fully understand how various problems are related to each other or how potential fixes might affect the overall code," Murphy-Hill says.

"More research is needed to really flesh these findings out - we need to expand this study to incorporate more programmers and more security tools," Murphy-Hill says. "But overall, we're hoping that this and related work can help programmers create more effective tools for use by the software development community."

One concept that Murphy-Hill and colleagues from NC State propose in a third paper is the idea of "bespoke" tools. The basic idea is to create tools that developers use - including security tools - that are capable of evolving over time as they are used, adapting to each programmer's particular areas of expertise.

"For example, programmers with expertise in addressing security vulnerabilities won't need a security tool that offers extensive information on all of the potential fixes for a given vulnerability - wading through that might slow them down," Murphy-Hill says. "So a bespoke tool might learn to offer only basic information about potential fixes for them. But the tool could also recognize that it needs to leave in that additional information for less security-savvy programmers, who may need it to make informed decisions."

These bespoke tools could learn about a programmer's strengths through both the programmer's interactions with the tool and by analyzing the programmer's code itself, Murphy-Hill says.

INFORMATION:

The Symposium on the Foundations of Software Engineering is being held Aug. 30 to Sept. 4 in Bergamo, Italy. Lead author of "Quantifying Developers' Adoption of Security Tools" is Jim Witschey, a former computer science graduate student at NC State. The paper was co-authored by Olga Zielinska, Allaire Welk, Murphy-Hill, and Chris Mayhorn of NC State and Thomas Zimmerman of Microsoft Research. Lead author of "Questions Developers Ask While Diagnosing Potential Security Vulnerabilities with Static Analysis," is Justin Smith, a Ph.D. student at NC State. The paper was co-authored by Brittany Johnson and Murphy-Hill of NC State and Bill Chu and Heather Richter Lipford of UNC-Charlotte. Johnson is also lead author of "Bespoke Tools: Adapted to the Concepts Developers Know." Co-authors are Rahul Pandita, Murphy-Hill and Sarah Heckman of NC State.

The research was supported by NSF under grants 1318323, DGE-0946818 and 1217700.



ELSE PRESS RELEASES FROM THIS DATE:

Men, people over 65 sleep better when they have access to nature

2015-08-24
URBANA, Ill. - Men and persons age 65 and older who have access to natural surroundings, whether it's the green space of a nearby park or a sandy beach and an ocean view, report sleeping better, according to a new University of Illinois study published in Preventive Medicine. "It's hard to overestimate the importance of high-quality sleep," said Diana Grigsby-Toussaint, a U of I professor of kinesiology and community health and a faculty member in the U of I's Division of Nutritional Sciences. "Studies show that inadequate sleep is associated with declines in mental ...

Study backs flu vaccinations for elderly

2015-08-24
PROVIDENCE, R.I. [Brown University] -- A new study of the records of millions of nursing home residents affirms the value of influenza vaccination among the elderly. The Brown University analysis found that between 2000 and 2009, the better matched the vaccine was for the influenza strain going around, the fewer nursing home residents died or were hospitalized. Although flu vaccination is a standard of care and a measure of quality in nursing homes, some public health experts question the evidence of whether they do any good, said Vincent Mor, corresponding author of ...

GPM sees rainfall in Tropical Depression Kilo nearing Johnston Island

GPM sees rainfall in Tropical Depression Kilo nearing Johnston Island
2015-08-24
The Global Precipitation Measurement or GPM mission core satellite gathered rainfall data on Tropical Depression Kilo as it heads toward Johnston Island in the Central Pacific Ocean. On August 24, a Tropical Storm Warning was posted for Johnston Island Kilo formed as depression and strengthened into a tropical storm to southeast of the Hawaiian Islands on August 20, 2015. By 5 a.m. EDT on Sunday, August 23, Kilo weakened to a tropical depression. Today, August 24, the tropical depression nearing Johnston Island. The National Hurricane Center noted that Johnston Island ...

Brains of abused teenagers show 'encouraging' ability to regulate emotions

2015-08-24
Washington D.C., August 24, 2015 - Children who have been abused typically experience more intense emotions than their peers who have not been abused. This is often considered a byproduct of living in volatile, dangerous environments. A recent study published in the Journal of the American Academy of Child and Adolescent Psychiatry (JAACAP) set to find out what happens when these children are taught how to regulate their emotions. Could that better help them cope with difficult situations? The team of researchers from the University of Washington studied what happens ...

How to stay awake without caffeine

2015-08-24
WASHINGTON, Aug. 24 2015 -- You're tired and you need an energy boost, but you don't want the jitters from caffeine. What to do? In this Reactions video, we give you some chemistry-backed tips -- one of which involves cats -- to boost your productivity and stay awake without refilling the coffee cup. Check it out here: https://youtu.be/SvEQBURrPow INFORMATION: Subscribe to our weekly series at http://bit.ly/ACSReactions and follow us on Twitter @ACSReactions. The American Chemical Society is a nonprofit organization chartered by the U.S. Congress. With more than 158,000 ...

Ants do drugs

2015-08-24
We humans have been using self-medication to cure the illnesses since the dawn of our species. There is some evidence that also other animals can exhibit this type of behavior, but the evidence has been hard to come by. Scientists from the University of Helsinki, Finland, have now shown that black ant Formica fusca can change their taste for food once exposed to the fungal pathogens. In the compound of interest was hydrogen peroxide, which can be found in the damaged plants, other insects and cadavers. "When ants are feeding on the diet containing extra free radicals ...

Enjoyment motivates people to participate in the sharing economy

2015-08-24
People are motivated to participate in the sharing economy because of its ecological sustainability, the enjoyment derived from the activity, the sense of community, and saving money and time. Ecological sustainability is one of the basic principles of the sharing economy - not to purchase everything individually but rather consumer collaboratively by sharing goods and services. Another canonical principle of the sharing economy is 'paying it forward'. However, collaborative consumption may involve the same hurdles as any other type of green consumption, researcher from ...

Patient born with insensitivity to pain acquires neuropathic pain following childbirth

2015-08-24
The report, published on F1000Research and titled Neuropathic pain in a patient with congenital insensitivity to pain has just passed peer review. It concerns a unique case of a woman with Channelopathy-associated Insensitivity to Pain (CIP) Syndrome, who developed features of neuropathic pain after sustaining pelvic fractures and an epidural hematoma that impinged on the right fifth lumbar (L5) nerve root. These injuries were sustained during a painless labour, which culminated in a Caesarean section. The patient had been diagnosed with CIP as child. This was later ...

Children's hospitals shift from CT scans for common childhood health problems

2015-08-24
CINCINNATI - A study published online Aug. 24 by the journal Pediatrics finds a significant decrease in the use of computed tomography (CT) scans at children's hospitals for 10 common childhood diagnoses including seizure, concussion, appendectomy and upper respiratory tract infection. Alternate types of imaging such as ultrasound and magnetic resonance imaging (MRI) are being used more frequently for eight of the 10 diagnoses. Study authors hypothesize the decline in CT usage may be attributable to a growing body of evidence linking ionizing radiation from CT scans to ...

Crying has its perks

2015-08-24
Yes, a good cry indeed might go a long way to make you feel better, says Asmir Gračanin of the University of Tilburg in the Netherlands, lead author of a study in Springer's journal Motivation and Emotion. These findings were established after a research team videotaped a group of participants while watching the emotionally charged films La vita è bella and Hachi: A Dog's Tale. Afterwards, the participants were asked a few times to reflect on how they felt. Although humans are the only species able to shed emotional tears, little is known about the function ...

LAST 30 PRESS RELEASES:

Imaging detects transient “hypoxic pockets” in the mouse brain

Dissolved organic matter could be used to track and improve the health of freshwaters

Indoor air quality standards in public buildings would boost health and economy, say international experts

Positive associations between premenstrual disorders and perinatal depression

New imaging method illuminates oxygen's journey in the brain

Researchers discover key gene for toxic alkaloid in barley

New approach to monitoring freshwater quality can identify sources of pollution, and predict their effects

Bidirectional link between premenstrual disorders and perinatal depression

Cell division quality control ‘stopwatch’ uncovered

Vaccine protects cattle from bovine tuberculosis, may eliminate disease

Andrew Siemion to receive the SETI Institute’s 2024 Drake Award

New study shows how the Crimean-Congo hemorrhagic fever virus enters our cells

Neoadjuvant chemotherapy proves effective for locally advanced penile squamous cell carcinoma

Study flips treatment paradigm in bilateral Wilms tumor, shows resistance to chemotherapy may point toward favorable outcomes

Doctors received approximately $12.1 billion from drug and device makers between 2013-2022

Discovery suggests new strategy against follicular lymphoma

Making the future too bright: how wishful thinking can point us in the wrong direction

Ochsner Health named to Newsweek’s America’s Greatest Workplaces 2024 for Job Starters

Three-year study of young stars with NASA’s Hubble enters new chapter

North Carolina takes the lead in PFAs research with Collaboratory’s $3 million investment to expand the state’s research capacity

Is it the school, or the students?

Exploring the relationship between HIV pre-exposure prophylaxis and the incidence of chlamydia, gonorrhea and syphilis – findings from Denmark

Music: Song lyrics have become simpler and more repetitive since 1980

Environment: More than half of Colorado River’s water used to irrigate crops

When inequality is more than “skin-deep”: Social status leaves traces in the epigenome of spotted hyenas in Tanzania

Study explores the future of at-home cancer treatment

First performance standards published to measure the effectiveness of lifestyle medicine treatments

To keep volunteers, connect them

Suppressing boredom at work hurts future productivity, study shows

Older brain cells linger unexpectedly before their death

[Press-News.org] Researchers tackle issues surrounding security tools for software developers