A Human Error Based Approach to Understanding Programmer-Induced Software Vulnerabilities

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

Many security incidents can be traced back to software vulnerabilities, which can be described as security-related defects/bugs in the code that can potentially be exploited by attackers to perform unauthorized actions. An analysis of vulnerability data disseminated by organizations such as NIST's National Vulnerability Database (NVD) and the SANS Institute shows that a majority of vulnerabilities can be traced back to a relatively small set of root causes, mostly related to repeated mistakes by programmers. That is, programmers exhibit a pattern of erroneous coding practices or behavior which leads to vulnerable code. Cognitive psychologists have long been studying these erroneous behavior patterns and have termed them human cognition failures or, simply, human errors. The primary goal of this paper is to propose a classification for the most frequently observed human errors committed by programmers (the commission of a human error can lead to the injection of one or more security defects/bugs). Such a classification can be useful for software development organizations, as they can train developers on these human errors so that developers can avoid committing them, thereby reducing the chances of vulnerability injection in their code.

Original language: English
Title of host publication: Proceedings - 2020 IEEE 31st International Symposium on Software Reliability Engineering Workshops, ISSREW 2020
Editors: Marco Vieira, Henrique Madeira, Nuno Antunes, Zheng Zheng
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 49-54
Number of pages: 6
ISBN (Electronic): 9781728198705
DOIs
State: Published - Oct 2020
Event: 31st IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2020 - Virtual, Coimbra, Portugal
Duration: 12 Oct 2020 to 15 Oct 2020

Publication series

Name: Proceedings - 2020 IEEE 31st International Symposium on Software Reliability Engineering Workshops, ISSREW 2020

Conference

Conference: 31st IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2020
Country/Territory: Portugal
City: Virtual, Coimbra
Period: 12/10/20 to 15/10/20

Keywords

  • cyber security
  • human error
  • secure software development
  • software engineering
  • survey
  • vulnerability
