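@inproceedings{a36cf457b01e4ac99ff3e7846e529151,
  author        = {Anu, Vaibhav and Sultana, Kazi Zakia and Samanthula, Bharath K.},
  title         = {A Human Error Based Approach to Understanding Programmer-Induced Software Vulnerabilities},
  booktitle     = {Proceedings -- 2020 {IEEE} 31st International Symposium on Software Reliability Engineering Workshops, {ISSREW} 2020},
  editor        = {Vieira, Marco and Madeira, Henrique and Antunes, Nuno and Zheng, Zheng},
  publisher     = {Institute of Electrical and Electronics Engineers Inc.},
  year          = {2020},
  month         = oct,
  pages         = {49--54},
  doi           = {10.1109/ISSREW51248.2020.00036},
  eventtitle    = {31st {IEEE} International Symposium on Software Reliability Engineering Workshops ({ISSREW} 2020)},
  eventdate     = {2020-10-12/2020-10-15},
  langid        = {english},
  keywords      = {cyber security, human error, secure software development, software engineering, survey, vulnerability},
  abstract      = {Many security incidents can be traced back to software vulnerabilities, which can be described as security-related defects/bugs in the code that can potentially be exploited by the attackers to perform unauthorized actions. An analysis of vulnerability data disseminated by organizations such as {NIST}'s National Vulnerability Database ({NVD}) and {SANS} Institute shows that a majority of vulnerabilities can be traced back to a relatively small set of root causes mostly related to the repeated mistakes by the programmers. That is, programmers exhibit a pattern of erroneous coding practices or behavior which lead to vulnerable code. Cognitive Psychologists have long been studying these erroneous behavior patterns and have termed them as human cognition failures or simply, human errors. The primary goal of this paper is to propose a classification for the most frequently observed human errors committed by the programmers (the commitment of a human error can lead to injection of one or more security defects/bugs). Such a classification can be useful for software development organizations as they can train developers on the human errors so that developers can avoid committing the human errors themselves, thereby reducing the chances of vulnerability injection in their code.},
  internal-note = {Cleaned from an auto-exported record: author/editor names normalised to "Last, First" (the original mixed "First Last" with "Last, {First}"), the `series` field that merely duplicated `booktitle` dropped, and the conference name/date moved from the free-text `note` (which also carried publisher-copyright boilerplate) into `eventtitle`/`eventdate`. Citation key left unchanged so existing \cite commands keep resolving.},
}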