@inproceedings{b3e948e57ce241e3b5b88bff19c6c5f9,
title = "Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who?",
abstract = "Software security is an area of growing concern, with over 192,000 known vulnerabilities in public software at the time of writing. Many aids to secure coding exist. Assessing the effectiveness of such aids in a laboratory environment is difficult. There are a number of concerns to address, such as recruitment issues and the level of instrumentation needed to perform an accurate measurement. Based on an extensive literature review of software development aids, we describe recent approaches to running laboratory studies, their characteristics, and their benefits and drawbacks. This paper should be of use to anyone planning to undertake coding studies with software developers.",
keywords = "application security, secure application development, secure development, secure development lifecycle, secure development processes, secure development tools, secure programming, security issue, software developer, software programmer, Software security",
author = "Ita Ryan and Stol, \{Klaas Jan\} and Utz Roedig",
note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 4th IEEE/ACM International Workshop on Engineering and Cybersecurity of Critical Systems, EnCyCriS 2023 ; Conference date: 15-05-2023",
year = "2023",
doi = "10.1109/EnCyCriS59249.2023.00008",
language = "English",
series = "Proceedings - 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems, EnCyCriS 2023",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "23--30",
booktitle = "Proceedings - 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems, EnCyCriS 2023",
address = "United States",
}
