Security Testing in The Wild: An Interview Study

Dario Di Dario, Valeria Pontillo, Stefano Lambiase, Filomena Ferrucci, Fabio Palomba

Research output: Chapter in Book/Report/Conference proceeding, Conference paper, Research

1 Citation (Scopus)

Abstract

Modern software systems are increasingly complex, and the risk of security problems is high if these systems are not developed with a proper security mindset. Despite the empirical studies and security-oriented approaches proposed by researchers and tool vendors, we still observe a lack of knowledge about the security testing processes that companies apply to reduce the risks connected to software security. In this paper, we aim to bridge this knowledge gap by performing an interview-based study with 19 security experts to understand how companies arrange security testing and how the security testing process is actually performed in practice. Our results highlight that some companies have incorporated the figure of the security tester into the software life cycle, yet practitioners reported a lack of standardized guidelines for security testing. From a management perspective, our results suggest that introducing formal communication between development and security testing teams may lead to better performance.
Original language: English
Title of host publication: Euromicro Conference on Software Engineering and Advanced Applications
Publisher: IEEE Explore
Pages: 191-198
Number of pages: 8
ISBN (Electronic): 979-8-3503-4235-2
DOIs
Publication status: Published - 2023
Event: Euromicro Conference on Software Engineering and Advanced Applications - Durres, Albania
Duration: 6 Sep 2023 → …
Conference number: 49
Internet address: https://dsd-seaa2023.com/

Publication series

Name: Proceedings - 2023 49th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2023

Conference

Conference: Euromicro Conference on Software Engineering and Advanced Applications
Abbreviated title: SEAA
Country/Territory: Albania
City: Durres
Period: 6/09/23 → …
Internet address: https://dsd-seaa2023.com/

Bibliographical note

Funding Information:
This work has been partially supported by (i) the Swiss National Science Foundation - SNF Project No. PZ00P2 186090 and (ii) the project SERICS (PE00000014) under the NRRP MUR program funded by the EU - NGEU.

Publisher Copyright:
© 2023 IEEE.

Keywords

  • Security Testing
  • Software Vulnerability
  • Project Management
  • Software Organizational Structures
