Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Wed 29 May 2019 11:00 - 11:20 at Van-Horne - Security 1 Chair(s): Corina S. Păsăreanu

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build – systems that are ever more important to ever more people.
We propose that a series of lightweight interventions – six hours of facilitated workshops delivered over three months – can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that delivered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.

Wed 29 May

Displayed time zone: Eastern Time (US & Canada) change

11:00 - 12:30
Security 1Journal-First Papers / Papers / Technical Track / New Ideas and Emerging Results / Software Engineering in Practice at Van-Horne
Chair(s): Corina S. Păsăreanu Carnegie Mellon University Silicon Valley, NASA Ames Research Center
11:00
20m
Talk
Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for DevelopersSEIPIndustry Program
Software Engineering in Practice
Charles Weir Lancaster University, Lynne Blair Lancaster University, Ingolf Becker University College London, M. Angela Sasse University College London, James Noble Victoria University of Wellington, Awais Rashid University of Bristol, UK
11:20
20m
Talk
Towards Better Utilizing Static Application Security TestingSEIPIndustry Program
Software Engineering in Practice
Jinqiu Yang Concordia University, Montreal, Canada, Lin Tan Purdue University, John Peyton HCL America, Kristofer A Duer AppScan Source
11:40
20m
Talk
LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program MetricsTechnical Track
Technical Track
Xiaoning Du Nanyang Technological University, Bihuan Chen Fudan University, Yuekang Li Nanyang Technological University, Jianmin Guo Tsinghua University, Yaqin Zhou Nanyang Technological University, Yang Liu Nanyang Technological University, Singapore, Yu Jiang
12:00
10m
Talk
A Screening Test for Disclosed Vulnerabilities in FOSS ComponentsIndustry ProgramJournal-First
Journal-First Papers
Stanislav Dashevskyi University of Luxembourg, Achim D. Brucker The University of Sheffield, Fabio Massacci University of Trento
Link to publication DOI Pre-print
12:10
10m
Talk
VULTRON: Catching Vulnerable Smart Contracts Once and for AllNIER
New Ideas and Emerging Results
Haijun Wang Nanyang Technological University, Yi Li Nanyang Technological University, Shang-Wei Lin Nanyang Technological University, Lei Ma Kyushu University, Yang Liu Nanyang Technological University, Singapore
12:20
10m
Talk
Discussion Period
Papers