2019
1.
Nembhard, Fitzroy D.; Carvalho, Marco M.; Eskridge, Thomas C.
Towards the Application of Recommender Systems to Secure Coding Journal Article
In: EURASIP Journal on Information Security, vol. 2019, no. 1, pp. 9, 2019, ISBN: 2510-523X.
Abstract | Links | BibTeX | Tags: ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection
@article{nembhard_recommender_journal,
title = {Towards the Application of Recommender Systems to Secure Coding},
author = {Fitzroy D. Nembhard and Marco M. Carvalho and Thomas C. Eskridge},
url = {https://doi.org/10.1186/s13635-019-0092-4},
doi = {10.1186/s13635-019-0092-4},
isbn = {2510-523X},
year = {2019},
date = {2019-06-13},
urldate = {2019-06-13},
journal = {EURASIP Journal on Information Security},
volume = {2019},
number = {1},
pages = {9},
abstract = {Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these issues and concerns. This article features the proposal, development, and evaluation of a recommender system that uses text mining techniques, coupled with IntelliSense technology, to recommend fixes for potential vulnerabilities in program code. The resulting system mines a large code base of over 1.6 million Java files using the MapReduce methodology, creating a knowledge base for a recommender system that provides fixes for taint-style vulnerabilities. Formative testing and a usability study determined that surveyed participants strongly believed that a recommender system would help programmers write more secure code.},
keywords = {ab testing, bugs, code security, intellisense, java, minhash, recommender systems, simhash, software quality, user study, vulnerability detection},
pubstate = {published},
tppubtype = {article}
}
Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these issues and concerns. This article features the proposal, development, and evaluation of a recommender system that uses text mining techniques, coupled with IntelliSense technology, to recommend fixes for potential vulnerabilities in program code. The resulting system mines a large code base of over 1.6 million Java files using the MapReduce methodology, creating a knowledge base for a recommender system that provides fixes for taint-style vulnerabilities. Formative testing and a usability study determined that surveyed participants strongly believed that a recommender system would help programmers write more secure code.
2.
Nembhard, Fitzroy; Carvalho, Marco
The Impact of Interface Design on the Usability of Code Analyzers Proceedings Article
In: 2019 SoutheastCon, pp. 1-6, 2019.
Links | BibTeX | Tags: ab testing, code analysis, code security, ui design, user study, vulnerability detection
@inproceedings{nembhard2019_analyzer_usability,
title = {The Impact of Interface Design on the Usability of Code Analyzers},
author = {Fitzroy Nembhard and Marco Carvalho},
doi = {10.1109/SoutheastCon42311.2019.9020339},
year = {2019},
date = {2019-04-11},
urldate = {2019-04-11},
booktitle = {2019 SoutheastCon},
pages = {1-6},
keywords = {ab testing, code analysis, code security, ui design, user study, vulnerability detection},
pubstate = {published},
tppubtype = {inproceedings}
}