Progress report on the experimental evaluation of security inspection guidance

E
ESEM
2009
2009 3rd International Symposium on Empirical Software Engineering and Measurement
Abstract - Progress report on the experimental evaluation of security inspection guidance

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Frank Elberzhager Articles by Marek Jawurek Articles by Christian Jung Articles by Alexander Klaus

2009 3rd International Symposium on Empirical Software Engineering and Measurement

Lake Buena Vista, FL, USA

October 15-October 16

ISBN: 978-1-4244-4842-5

	ASCII Text	x
	Frank Elberzhager, Marek Jawurek, Christian Jung, Alexander Klaus, "Progress report on the experimental evaluation of security inspection guidance," Empirical Software Engineering and Measurement, International Symposium on, pp. 485-489, 2009 3rd International Symposium on Empirical Software Engineering and Measurement, 2009.

	BibTex	x
	@article{ 10.1109/ESEM.2009.5314239, author = {Frank Elberzhager and Marek Jawurek and Christian Jung and Alexander Klaus}, title = {Progress report on the experimental evaluation of security inspection guidance}, journal ={Empirical Software Engineering and Measurement, International Symposium on}, volume = {0}, year = {2009}, isbn = {978-1-4244-4842-5}, pages = {485-489}, doi = {http://doi.ieeecomputersociety.org/10.1109/ESEM.2009.5314239}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Empirical Software Engineering and Measurement, International Symposium on TI - Progress report on the experimental evaluation of security inspection guidance SN - 978-1-4244-4842-5 SP485 EP489 A1 - Frank Elberzhager, A1 - Marek Jawurek, A1 - Christian Jung, A1 - Alexander Klaus, PY - 2009 VL - 0 JA - Empirical Software Engineering and Measurement, International Symposium on ER -

Frank Elberzhager, Fraunhofer Institute for Experimental Software Engineering Kaiserslautern, Germany

Marek Jawurek, Fraunhofer Institute for Experimental Software Engineering Kaiserslautern, Germany

Christian Jung, Fraunhofer Institute for Experimental Software Engineering Kaiserslautern, Germany

Alexander Klaus, Fraunhofer Institute for Experimental Software Engineering Kaiserslautern, Germany

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ESEM.2009.5314239

Although security inspections have proven to be a very efficient means for assuring software security early in the software development lifecycle, they are not used extensively because they usually need to be performed by security experts, who are few and thus expensive. Adoption of security inspections could be facilitated if one could encapsulate the expertise and experience of security experts as guidance for security inspections performed by software developers. Our approach to addressing this challenge consists of two different kinds of reading support that provide the required guidance to software developers: Vulnerability Inspection Diagram (VID) and Security Inspection Scenario (SIS). In this article, we sketch our initial experimental evaluation of VIDs and SIS with a group of software developers of an industrial project partner. We present the setup and the experiment's results. In addition, we describe the implications of our results on future work regarding the approach and further evaluation.

Citation:

Frank Elberzhager, Marek Jawurek, Christian Jung, Alexander Klaus, "Progress report on the experimental evaluation of security inspection guidance," esem, pp.485-489, 2009 3rd International Symposium on Empirical Software Engineering and Measurement, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.