ESEC/FSE 2021
Thu 19 - Sat 28 August 2021 Clowdr Platform
Fri 27 Aug 2021 16:20 - 16:30 - Dependability—Software Security 1 Chair(s): Yi Li
Sat 28 Aug 2021 04:20 - 04:30 - Dependability—Software Security 1 Chair(s): Mehrdad Sabetzadeh, David Lo

Recent years have seen rapid increases in cybercrime. The use of effective software security activities plays an important part in preventing the harm involved. Objective research on industry use of software security practices is needed to help development teams, academic researchers, and educators to focus their activities.

Since 2008, a team of researchers, including two of the authors, has been gathering objective data on the use of 121 software security activities. The Building Security In Maturity Model (BSIMM) study explores the activity use of 675,000 software developers, in companies including some of the world’s largest and most security-focused.

Our analysis of the study data shows little consistent growth in security activity adoption industry-wide until 2015. Since then, the data shows a strong increasing trend, along with the adoption of new activities to support cloud-based deployment, an emphasis on component security, and a reduction in security professionals’ policing role. Exploring patterns of adoption, we found that activities related to detecting and responding to vulnerabilities are adopted marginally earlier than activities related to preventing vulnerabilities, and that activities related to particular job roles tend to be used together. We also found that 12 developer security activities are adopted early, together, and notably more often than any others.

From these results, we offer recommendations for software and security engineers, and corresponding education and research suggestions for academia. These recommendations offer a strong contribution to improving security in development teams in the future.

Fri 27 Aug (displayed time zone: Athens)

16:00 - 17:00  Dependability—Software Security 1 (Research Papers / Industry Papers; mirrored +12h)
Chair(s): Yi Li (Nanyang Technological University)

16:00  10m  Paper (Research Papers)
LastPyMile: Identifying the Discrepancy between Sources and Packages (Artifacts Available)
Duc Ly Vu (University of Trento), Fabio Massacci (University of Trento; Vrije Universiteit Amsterdam), Ivan Pashchenko (University of Trento), Henrik Plate (SAP Security Research), Antonino Sabetta (SAP Security Research)

16:10  10m  Paper (Research Papers)
A Grounded Theory of the Role of Coordination in Software Security Patch Management
Nesara Dissanayake, Mansooreh Zahedi (University of Adelaide), Asangi Jayatilaka (University of Adelaide), Muhammad Ali Babar (University of Adelaide)

16:20  10m  Paper (Industry Papers)
Infiltrating Security into Development: Exploring the World’s Largest Software Security Study
Charles Weir (Lancaster University), Sammy Migues (Synopsys), Mike Ware (Synopsys), Laurie Williams (North Carolina State University)

16:30  30m  Live Q&A (Research Papers)
Q&A (Dependability—Software Security 1)

Sat 28 Aug (displayed time zone: Athens)

04:00 - 05:00  Dependability—Software Security 1 (Research Papers / Industry Papers)
Chair(s): Mehrdad Sabetzadeh (University of Ottawa), David Lo (Singapore Management University)

04:00  10m  Paper (Research Papers)
LastPyMile: Identifying the Discrepancy between Sources and Packages (Artifacts Available)
Duc Ly Vu (University of Trento), Fabio Massacci (University of Trento; Vrije Universiteit Amsterdam), Ivan Pashchenko (University of Trento), Henrik Plate (SAP Security Research), Antonino Sabetta (SAP Security Research)

04:10  10m  Paper (Research Papers)
A Grounded Theory of the Role of Coordination in Software Security Patch Management
Nesara Dissanayake, Mansooreh Zahedi (University of Adelaide), Asangi Jayatilaka (University of Adelaide), Muhammad Ali Babar (University of Adelaide)

04:20  10m  Paper (Industry Papers)
Infiltrating Security into Development: Exploring the World’s Largest Software Security Study
Charles Weir (Lancaster University), Sammy Migues (Synopsys), Mike Ware (Synopsys), Laurie Williams (North Carolina State University)

04:30  30m  Live Q&A (Research Papers)
Q&A (Dependability—Software Security 1)