In:
Software: Practice and Experience, Wiley, Vol. 50, No. 9 ( 2020-09), p. 1682-1718
Abstract:
We discuss the potential benefits, requirements, and implementation challenges of a security‐by‐design approach in which an integrated development environment plugin assists software developers to write code that complies with secure coding guidelines. We discuss how such a plugin can enable a company's policy‐setting security experts and developers to pass their knowledge on to each other more efficiently, and to let developers more effectively put that knowledge into practice. This is achieved by letting the team members develop customized rule sets that formalize coding guidelines and by letting the plugin check the compliance of code being written to those rule sets in real time, similar to an as‐you‐type spell checker. Upon detected violations, the plugin suggests options to quickly fix them and offers additional information for the developer. We share our experience with proof‐of‐concept designs and implementations rolled out in multiple companies, and present some future research and development directions.
Type of Medium:
Online Resource
ISSN:
0038-0644
,
1097-024X
Language:
English
Publisher:
Wiley
Publication Date:
2020
detail.hit.zdb_id:
120252-2
detail.hit.zdb_id:
1500326-7
