000000343 001__ 343
000000343 005__ 20210930154837.0
000000343 037__ $$aLERSSE-RefConfPaper-2021-007
000000343 100__ $$aAzadeh Mokhberi
000000343 245__ $$aWhat Makes Security-Related Code Examples Different
000000343 260__ $$c2021-09-06
000000343 300__ $$a12
000000343 520__ $$aDevelopers relying on code examples (CEs) in software engineering can impact code security. We conducted semistructured interviews with seven professional developers to investigate developers’ habits, challenges, and strategies in the life cycle of using security-related code examples (SRCEs), with a focus on exploring the differences between security and non-security-related CEs. Results indicate that a lack of adequately differentiating between SRCEs and non-security-related code examples (NSRCEs) is a reason for introducing vulnerabilities into the code. We found that developers had a habit of reusing vulnerable code from their previous projects. This code reuse unintentionally introduced the same vulnerability into new projects, while that vulnerability had already been fixed in later iterations of the original resource the CE had been taken from. Our results highlight that professional developers need the same number of such CEs even as they gain experience over time, while this may not be the case for NSRCEs.
000000343 6531_ $$ausable security
000000343 6531_ $$asoftware developers
000000343 6531_ $$asecurity-related code examples
000000343 6531_ $$aHuman-centred research
000000343 6531_ $$aHCI
000000343 700__ $$aTiffany Quon
000000343 700__ $$aKonstantin Beznosov
000000343 8560_ $$fmokhberi@ece.ubc.ca
000000343 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/343/files/WSIW2021-%20code%20examples.pdf
000000343 909C4 $$pAzadeh Mokhberi, Tiffany Quon, Konstantin Beznosov. What Makes Security-Related Code Examples Different. In The 7th Workshop on Security Information Workers at SOUPS workshops, 2021.
000000343 980__ $$aRefConfPaper