Information Security in Software Engineering, Analysis of Developers Communications About Security in Social Q&A Website

  • Shahab Bayati
  • Marzieh Heidary
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9650)

Abstract

With the growth of Internet-based applications, security has become an important part of software application development. Software developers should apply security modules, frameworks and technologies to their applications to reduce security risks, bugs and vulnerabilities. This paper analyzes security-related content on a software development social Q&A website to describe the current state and trends of security issues in software engineering. For this purpose, data from Stack Overflow, the largest Q&A website, is selected for analysis. A framework is proposed for data collection and analysis from Stack Overflow. The results of the analysis are presented in different schematic and tabular views, with a brief discussion of each result.

Keywords

Software engineering, Stack Overflow, Information security, Social Q&A, Developers community

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. ISOM Department, Business School, The University of Auckland, Auckland, New Zealand
  2. IT Department, Spark, Auckland, New Zealand
