DocumentCode
2722702
Title
Why Developers Insert Security Vulnerabilities into Their Code
Author
Karppinen, Kaarina ; Yonkwa, Lyly ; Lindvall, Mikael
Author_Institution
VTT Tech. Res., Centre of Finland
fYear
2009
fDate
1-7 Feb. 2009
Firstpage
289
Lastpage
294
Abstract
Modern software systems are difficult to test due to their distributed nature, and increased security complicates testing even further. Our hypothesis is that some security vulnerabilities are actually introduced due to developers' need to facilitate testing that software requirements have been implemented correctly. If these temporary security vulnerabilities are not removed before the software is delivered, there is a great risk that they may become fielded security vulnerabilities. In this paper, we study the relationship between such security vulnerabilities and developers' need to improve the testability of an application to facilitate unit and integration testing. We trace detected vulnerabilities to characteristics of the software that made testing difficult and therefore led to testability improvements. We discuss how the need to increase testability may relate to a form of developer usability, and what the ways of dealing with the problem of security vulnerabilities as a consequence of increasing testability are.
Keywords
program testing; security of data; software reliability; security vulnerabilities; software requirements; software systems; software testing; testability improvements; Application software; Computer security; Data security; Distributed computing; Humans; Software systems; Software testing; Spatial databases; System testing; Usability; Security; testability; usability;
fLanguage
English
Publisher
ieee
Conference_Titel
Advances in Computer-Human Interactions, 2009. ACHI '09. Second International Conferences on
Conference_Location
Cancun
Print_ISBN
978-1-4244-3351-3
Electronic_ISBN
978-0-7695-3529-6
Type
conf
DOI
10.1109/ACHI.2009.18
Filename
4782528