The survey that we have planned will consist of two sets of questions, which will be as follows:
- The first set of questions will be on developer awareness with respect to software security.
- The second set of questions will center on the expectations/requirements of a tool that will parse through the code-base of an application and indicate to the developers the fragments where there is a potential for attack based on the CWE top 25 techniques.
Once the responses have been obtained, we plan to statistically analyze them to substantiate our hypothesis that developers are, in general, unaware of the CWE identifiers and would instead be better off using a tool like the one we have proposed to build to minimize security vulnerabilities in their software.
We plan to analyze the second set of responses, which are user expectations, and prioritize them based on the responses that had the highest consensus among the participants.
The prioritized requirements will form the basic vision for the tool we plan to develop and act as guidance for meeting the user expectations/requirements during the course of development.