ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Wed 29 May 2019 11:00 - 11:20 at Van-Horne - Security 1 Chair(s): Corina S Pasareanu

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build – systems that are ever more important to ever more people.
We propose that a series of lightweight interventions – six hours of facilitated workshops delivered over three months – can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that delivered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.

Wed 29 May
Times are displayed in time zone: Eastern Time (US & Canada)

11:00 - 12:30: Security 1 (Papers / Journal-First Papers / Technical Track / New Ideas and Emerging Results / Software Engineering in Practice) at Van-Horne
Chair(s): Corina S Pasareanu (Carnegie Mellon University Silicon Valley, NASA Ames Research Center)
11:00 - 11:20
Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers [SEIP, Industry Program]
Software Engineering in Practice
Charles Weir (Lancaster University), Lynne Blair (Lancaster University), Ingolf Becker (University College London), M. Angela Sasse (University College London), James Noble (Victoria University of Wellington), Awais Rashid (University of Bristol, UK)
11:20 - 11:40
Towards Better Utilizing Static Application Security Testing [SEIP, Industry Program]
Software Engineering in Practice
Jinqiu Yang (Concordia University, Montreal, Canada), Lin Tan (Purdue University), John Peyton (HCL America), Kristofer A Duer (AppScan Source)
11:40 - 12:00
LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics [Technical Track]
Technical Track
Xiaoning Du (Nanyang Technological University), Bihuan Chen (Fudan University), Yuekang Li (Nanyang Technological University), Jianmin Guo (Tsinghua University), Yaqin Zhou (Nanyang Technological University), Yang Liu (Nanyang Technological University, Singapore), Yu Jiang
12:00 - 12:10
A Screening Test for Disclosed Vulnerabilities in FOSS Components [Industry Program, Journal-First]
Journal-First Papers
Stanislav Dashevskyi (University of Luxembourg), Achim D. Brucker (The University of Sheffield), Fabio Massacci (University of Trento)
12:10 - 12:20
VULTRON: Catching Vulnerable Smart Contracts Once and for All [NIER]
New Ideas and Emerging Results
Haijun Wang (Nanyang Technological University), Yi Li (Nanyang Technological University), Shang-Wei Lin (Nanyang Technological University), Lei Ma (Kyushu University), Yang Liu (Nanyang Technological University, Singapore)
12:20 - 12:30
Discussion Period