Predicting Security-Vulnerable Developers Based on Their Techno-Behavioral Characteristics

M. D. J. S. Goonetillake (School of Computing, University of Colombo, Sri Lanka), Rangana Jayashanka (School of Computing, University of Colombo, Sri Lanka) and S. V. Rathnayaka (School of Computing, University of Colombo, Sri Lanka)
Copyright: © 2022 | Pages: 26
DOI: 10.4018/IJISP.2022010103
Abstract

Assigning developers to highly secured software projects requires identifying each developer's tendency to contribute vulnerable software code, here called developer-centric security vulnerability, in order to mitigate issues in human resource management, finances and project timelines. Assessing developers' previous codebases to evaluate the developer-centric security vulnerability level of each developer is problematic. This paper therefore proposes a method to evaluate it through the techno-behavioral features of their previous projects. We present the results of an exploratory study of developer-centric security vulnerability level prediction using a dataset of 1827 developers and 13 logically selected techno-behavioral features. Our results show a correlation between techno-behavioral features and developer-centric security vulnerability, with a prediction accuracy of 89.46%. The model makes it possible to predict the developer-centric security vulnerability level of any developer for whom the required techno-behavioral features are available, avoiding analysis of his/her previous codebases.
Article Preview
Introduction

Computer software should satisfy two types of requirements in its application domain, namely functional and non-functional requirements. Both are equally important regardless of the industry domain in which the software operates. Software quality has been described through many characteristic aspects, and several software quality metrics can be used to evaluate qualities such as scalability, security, reliability, and usability (Gorton, 2011). Among these quality attributes, software security has been described as one of the most significant (Stephenson et al., 1992), since a security vulnerability can cause a huge disaster that costs an organization billions of dollars of assets (Willetts, 2014) or even lives (Csulak et al., 2017). Generally, functional issues in software, which can be considered as causing defects, can be tested and validated by executing test scenarios of the business logic. However, non-functional issues, which can be considered as causing vulnerabilities in the software, are difficult to identify since they may not be exposed by the execution of predetermined test scenarios (Zimmermann et al., 2010; Krsul, 1998). It should be noted that the term ‘software vulnerability’ is used mainly in the computing domain to refer to a security flaw, glitch, or weakness found in software or in an operating system (OS) that can lead to security concerns.

Although many Computer-Aided Software Engineering (CASE) tools are available, humans still dominate as the core contributors to the software development process. Consequently, it is inevitable that software is vulnerable to functional and non-functional defects due to human mistakes. Software defects and vulnerabilities have many similarities, since both are incurred through human mistakes. However, vulnerabilities differ from defects in that they are actively observed by attackers with malicious and criminal intent, while defects are exposed through the valid use cases of normal usage (Krsul, 1998). A vulnerability in a software application could be introduced at any stage of the software development life cycle for various reasons, such as an invalid requirement specification, weak architectural designs, weak and vulnerable implementation techniques and algorithms, and weak test scenarios. In this study, the focus is scoped to vulnerabilities that the developer has caused or contributed to in the source code of the software. Each software developer has a unique skill level, experience, capacity, technology interests, domain interests, and many other characteristics, which can affect positively or negatively the overall quality of the software that he/she develops.
