Write a Blog >>
ESEC/FSE 2021
Thu 19 - Sat 28 August 2021 Clowdr Platform
Fri 27 Aug 2021 16:10 - 16:20 - Dependability—Software Security 1 Chair(s): Yi Li
Sat 28 Aug 2021 04:10 - 04:20 - Dependability—Software Security 1 Chair(s): Mehrdad Sabetzadeh, David Lo

Several disastrous security attacks can be attributed to delays in patching software vulnerabilities. While researchers and practitioners have paid significant attention to automate vulnerabilities identification and patch development activities of software security patch management, there has been relatively little effort dedicated to gain an in-depth understanding of the socio-technical aspects, e.g., coordination of interdependent activities of the patching process and patching decisions, that may cause delays in applying security patches. We report on a Grounded Theory study of the role of coordination in security patch management. The reported theory consists of four inter-related dimensions, i.e., causes, breakdowns, constraints, and mechanisms. The theory explains the causes that define the need for coordination among interdependent software/hardware components and multiple stakeholders’ decisions, the constraints that can negatively impact coordination, the breakdowns in coordination, and the potential corrective measures. This study provides potentially useful insights for researchers and practitioners who can carefully consider the needs of and devise suitable solutions for supporting the coordination of interdependencies involved in security patch management.

Fri 27 Aug

Displayed time zone: Athens change

16:00 - 17:00
Dependability—Software Security 1Research Papers / Industry Papers +12h
Chair(s): Yi Li Nanyang Technological University
16:00
10m
Paper
LastPyMile: Identifying the Discrepancy between Sources and PackagesArtifacts Available
Research Papers
Duc Ly Vu University of Trento, Fabio Massacci University of Trento; Vrije Universiteit Amsterdam, Ivan Pashchenko University of Trento, Henrik Plate SAP Security Research, Antonino Sabetta SAP Security Research
DOI
16:10
10m
Paper
A Grounded Theory of the Role of Coordination in Software Security Patch Management
Research Papers
Nesara Dissanayake , Mansooreh Zahedi University of Adelaide, Asangi Jayatilaka University of Adelaide, Muhammad Ali Babar University of Adelaide
DOI
16:20
10m
Paper
Infiltrating Security into Development: Exploring the World’s Largest Software Security Study
Industry Papers
Charles Weir Lancaster University, Sammy Migues Synopsys, Mike Ware Synopsys, Laurie Williams North Carolina State University
DOI
16:30
30m
Live Q&A
Q&A (Dependability—Software Security 1)
Research Papers

Sat 28 Aug

Displayed time zone: Athens change

04:00 - 05:00
Dependability—Software Security 1Research Papers / Industry Papers
Chair(s): Mehrdad Sabetzadeh University of Ottawa, David Lo Singapore Management University
04:00
10m
Paper
LastPyMile: Identifying the Discrepancy between Sources and PackagesArtifacts Available
Research Papers
Duc Ly Vu University of Trento, Fabio Massacci University of Trento; Vrije Universiteit Amsterdam, Ivan Pashchenko University of Trento, Henrik Plate SAP Security Research, Antonino Sabetta SAP Security Research
DOI
04:10
10m
Paper
A Grounded Theory of the Role of Coordination in Software Security Patch Management
Research Papers
Nesara Dissanayake , Mansooreh Zahedi University of Adelaide, Asangi Jayatilaka University of Adelaide, Muhammad Ali Babar University of Adelaide
DOI
04:20
10m
Paper
Infiltrating Security into Development: Exploring the World’s Largest Software Security Study
Industry Papers
Charles Weir Lancaster University, Sammy Migues Synopsys, Mike Ware Synopsys, Laurie Williams North Carolina State University
DOI
04:30
30m
Live Q&A
Q&A (Dependability—Software Security 1)
Research Papers