What Questions Remain? An Examination of How Developers Understand an Interactive Static Analysis Tool

Authors: 

Tyler W. Thomas, Heather Lipford, and Bill Chu, University of North Carolina at Charlotte; Justin Smith and Emerson Murphy-Hill, North Carolina State University

Abstract: 

Security vulnerabilities are often accidentally introduced as developers implement code. While there are a variety of existing tools to help detect security vulnerabilities, they are seldom used by developers due to the time or security expertise required. We are investigating techniques integrated within the IDE to help developers detect and mitigate security vulnerabilities. In previous work, we examined the questions developers ask when investigating security vulnerabilities with static analysis tools. With those questions as a lens, we now investigate our proposed approach of interactive static analysis. We evaluated the interactions and perceptions of professional developers as they interacted with warnings produced by our tool. Our results provide evidence that our approach effectively communicates security vulnerability information to software developers and provides design guidance for such tools.

Tyler W. Thomas, University of North Carolina at Charlotte

Heather Lipford, University of North Carolina at Charlotte

Bill Chu, University of North Carolina at Charlotte

Justin Smith, North Carolina State University

Emerson Murphy-Hill, North Carolina State University


BibTeX
@inproceedings {197848,
author = {Tyler W. Thomas and Heather Lipford and Bill Chu and Justin Smith and Emerson Murphy-Hill},
title = {What Questions Remain? An Examination of How Developers Understand an Interactive Static Analysis Tool},
booktitle = {Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
year = {2016},
address = {Denver, CO},
url = {https://www.usenix.org/conference/soups2016/workshop-program/wsiw16/presentation/thomas},
publisher = {USENIX Association},
month = jun,
}