
Researchers tackle issues surrounding security tools for software developers

2015-08-24
(Press-News.org) For software programmers, security tools are analytic software that can scan or run their code to expose vulnerabilities long before the software goes to market. But these tools can have shortcomings, and programmers don't always use them. New research from National Science Foundation-funded computer science researcher Emerson Murphy-Hill and his colleagues tackles three different aspects of the issue.

"Our work is focused on understanding the developers who are trying to identify security vulnerabilities in their code, and how they use (or don't use) tools that can help them find those vulnerabilities," says Murphy-Hill, an associate professor of computer science at NC State University. "The one thing that ties all of our work together is that we want to help give programmers the best possible tools and help them use those tools effectively."

In the first of three related papers being presented next week at the Symposium on the Foundations of Software Engineering, a team of computer science and psychology researchers from NC State and Microsoft Research surveyed more than 250 developers on their experiences with security tools. The goal was to determine what influences a developer's use of these tools - and the findings were somewhat surprising.

For one thing, developers who said they worked on products in which security was important were not much more likely to use security tools than other programmers.

Instead, "the two things that were most strongly associated with using security tools were peer influence and corporate culture," Murphy-Hill says. Specifically, people who said they had seen what others do with security tools, and people whose bosses expected them to use security tools, were most likely to take advantage of the tools.

"This research gives software development companies and managers information they can use to effectively influence the adoption of security tools by developers," Murphy-Hill says.

But these tools aren't completely accurate. For example, they can tell programmers there's a problem where no problem actually exists. And the tools aren't always user-friendly. In short, the characteristics of the tools themselves can affect whether programmers choose to use them.

To shed light on how security tools support developers in diagnosing potential vulnerabilities, Murphy-Hill's team and collaborators from the University of North Carolina at Charlotte devised a separate study, effectively asking: do tools give developers the information they need to determine if there's a real problem and how to fix it?

In this study, the researchers gave 10 developers of varying backgrounds a specific security tool and a substantial chunk of open-source code to examine. The code contained known security vulnerabilities, which were identified by the security tool. Each of the study participants was asked to use the tool, inspect the source code, and say whether each security notification from the tool was real and how they would address the vulnerabilities.

"In many cases, the tool presented multiple possible fixes for a problem, but didn't give programmers much information about the relevant advantages and disadvantages of each fix," Murphy-Hill says. "We found that this made it difficult for programmers to select the best course of action."

The tool would also give developers multiple notifications that seemed to be related to each other - but the notifications didn't give developers information on exactly how the problems related to each other.

"This can be confusing for programmers, and lead to problems if developers don't fully understand how various problems are related to each other or how potential fixes might affect the overall code," Murphy-Hill says.

"More research is needed to really flesh these findings out - we need to expand this study to incorporate more programmers and more security tools," Murphy-Hill says. "But overall, we're hoping that this and related work can help programmers create more effective tools for use by the software development community."

One concept that Murphy-Hill and colleagues from NC State propose in a third paper is the idea of "bespoke" tools. The basic idea is to create tools that developers use - including security tools - that are capable of evolving over time as they are used, adapting to each programmer's particular areas of expertise.

"For example, programmers with expertise in addressing security vulnerabilities won't need a security tool that offers extensive information on all of the potential fixes for a given vulnerability - wading through that might slow them down," Murphy-Hill says. "So a bespoke tool might learn to offer only basic information about potential fixes for them. But the tool could also recognize that it needs to leave in that additional information for less security-savvy programmers, who may need it to make informed decisions."

These bespoke tools could learn about a programmer's strengths through both the programmer's interactions with the tool and by analyzing the programmer's code itself, Murphy-Hill says.

INFORMATION:

The Symposium on the Foundations of Software Engineering is being held Aug. 30 to Sept. 4 in Bergamo, Italy. Lead author of "Quantifying Developers' Adoption of Security Tools" is Jim Witschey, a former computer science graduate student at NC State. The paper was co-authored by Olga Zielinska, Allaire Welk, Murphy-Hill, and Chris Mayhorn of NC State and Thomas Zimmerman of Microsoft Research. Lead author of "Questions Developers Ask While Diagnosing Potential Security Vulnerabilities with Static Analysis," is Justin Smith, a Ph.D. student at NC State. The paper was co-authored by Brittany Johnson and Murphy-Hill of NC State and Bill Chu and Heather Richter Lipford of UNC-Charlotte. Johnson is also lead author of "Bespoke Tools: Adapted to the Concepts Developers Know." Co-authors are Rahul Pandita, Murphy-Hill and Sarah Heckman of NC State.

The research was supported by NSF under grants 1318323, DGE-0946818 and 1217700.


