Abstract
Modern software systems are increasingly complex, and the risk of introducing security flaws is high if these systems are not developed with a proper security mindset. Despite the empirical studies and security-oriented approaches proposed by researchers and tool vendors, there is still a lack of knowledge about the security testing processes that companies apply to reduce the risks connected to software security. In this paper, we aim to bridge this knowledge gap by performing an interview-based study with 19 security experts to understand how companies organize security testing and how the security testing process is actually carried out in practice. Our results highlight that some companies have incorporated the role of the security tester into the software life cycle, yet practitioners reported a lack of standardized guidelines for security testing. From a management perspective, our results suggest that introducing formal communication between development and security testing teams may lead to better performance.
| Original language | English |
|---|---|
| Title of host publication | Euromicro Conference on Software Engineering and Advanced Applications |
| Publisher | IEEE Xplore |
| Pages | 191-198 |
| Number of pages | 8 |
| ISBN (Electronic) | 979-8-3503-4235-2 |
| DOIs | |
| Publication status | Published - 2023 |
| Event | Euromicro Conference on Software Engineering and Advanced Applications, Durres, Albania. Duration: 6 Sep 2023 → …. Conference number: 49. https://dsd-seaa2023.com/ |
Publication series

| Name | Proceedings - 2023 49th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2023 |
|---|---|
Conference

| Conference | Euromicro Conference on Software Engineering and Advanced Applications |
|---|---|
| Abbreviated title | SEAA |
| Country/Territory | Albania |
| City | Durres |
| Period | 6/09/23 → … |
| Internet address | |
Bibliographical note
Funding Information: This work has been partially supported by (i) the Swiss National Science Foundation (SNF Project No. PZ00P2 186090) and (ii) the project SERICS (PE00000014) under the NRRP MUR program funded by the EU - NGEU.

Publisher Copyright: © 2023 IEEE.
Keywords
- Security Testing
- Software Vulnerability
- Project Management
- Software Organizational Structures