An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages
arXiv - CS - Cryptography and Security Pub Date : 2021-07-29 , DOI: arxiv-2107.13723
Roland Croft, Yongzheng Xie, Mansooreh Zahedi, M. Ali Babar, Christoph Treude

Given that programming languages can provide different types and levels of security support, it is critically important to consider security aspects when selecting programming languages for developing software systems. Inadequate consideration of security in the choice of a programming language may have ramifications for secure development. Whilst theoretical analyses of the supposed security properties of different programming languages have been conducted, there has been relatively little effort to empirically explore the actual security challenges experienced by developers. We have performed a large-scale study of the security challenges of 15 programming languages by quantitatively and qualitatively analysing developers' discussions from Stack Overflow and GitHub. By leveraging topic modelling, we have derived a taxonomy of 18 major security challenges across 6 topic categories. We have also conducted a comparative analysis to understand how the identified challenges vary across the different programming languages and data sources. Our findings suggest that the challenges and their characteristics differ substantially between programming languages and between the two data sources, Stack Overflow and GitHub. The findings provide software professionals (i.e., practitioners or researchers) with evidence-based insights into the security challenges related to different programming languages. The reported taxonomy of security challenges can assist both practitioners and researchers in better understanding and navigating the secure development landscape. This study highlights the importance of the choice of technology, e.g., programming language, in secure software engineering. Hence, the findings are expected to motivate practitioners to consider the potential impact of the choice of programming language on software security.

Updated: 2021-07-30