Sensei: Enforcing secure coding guidelines in the integrated development environment

Author
Organization
Abstract
We discuss the potential benefits, requirements, and implementation challenges of a security-by-design approach in which an integrated development environment (IDE) plugin assists software developers to write code that complies with secure coding guidelines. We discuss how such a plugin can enable a company's policy-setting security experts and developers to pass their knowledge on to each other more efficiently, and to let developers more effectively put that knowledge into practice. This is achieved by letting the team members develop customized rule sets that formalize coding guidelines and by letting the plugin check the compliance of code being written to those rule sets in real time, similar to an as-you-type spell checker. Upon detected violations, the plugin suggests options to quickly fix them and offers additional information for the developer. We share our experience with proof-of-concept designs and implementations rolled out in multiple companies, and present some future research and development directions.
Keywords
security by design, software development, IDE support, coding guidelines

Downloads

  • (...).pdf: full text (Accepted manuscript) | UGent only | PDF | 1.34 MB

Citation

Please use this url to cite or link to this publication:

MLA
De Cremer, Pieter, et al. “Sensei: Enforcing Secure Coding Guidelines in the Integrated Development Environment.” Software: Practice and Experience, 2020, doi:10.1002/spe.2844.
APA
De Cremer, P., Madou, M., Desmet, N., & De Sutter, B. (2020). Sensei: Enforcing secure coding guidelines in the integrated development environment. Software: Practice and Experience. https://doi.org/10.1002/spe.2844
Chicago author-date
De Cremer, Pieter, Matias Madou, Nathan Desmet, and Bjorn De Sutter. 2020. “Sensei: Enforcing Secure Coding Guidelines in the Integrated Development Environment.” Software: Practice and Experience. https://doi.org/10.1002/spe.2844.
Chicago author-date (all authors)
De Cremer, Pieter, Matias Madou, Nathan Desmet, and Bjorn De Sutter. 2020. “Sensei: Enforcing Secure Coding Guidelines in the Integrated Development Environment.” Software: Practice and Experience. doi:10.1002/spe.2844.
Vancouver
1. De Cremer P, Madou M, Desmet N, De Sutter B. Sensei: Enforcing secure coding guidelines in the integrated development environment. Software: Practice and Experience. 2020;
IEEE
[1] P. De Cremer, M. Madou, N. Desmet, and B. De Sutter, “Sensei: Enforcing secure coding guidelines in the integrated development environment,” Software: Practice and Experience, 2020.
@article{8668154,
  abstract     = {We discuss the potential benefits, requirements, and implementation challenges of a security-by-design approach in which an integrated development environment (IDE) plugin assists software developers to write code that complies with secure coding guidelines. We discuss how such a plugin can enable a company's policy-setting security experts and developers to pass their knowledge on to each other more efficiently, and to let developers more effectively put that knowledge into practice. This is achieved by letting the team members develop customized rule sets that formalize coding guidelines and by letting the plugin check the compliance of code being written to those rule sets in real time, similar to an as-you-type spell checker. Upon detected violations, the plugin suggests options to quickly fix them and offers additional information for the developer. We share our experience with proof-of-concept designs and implementations rolled out in multiple companies, and present some future research and development directions.},
  author       = {De Cremer, Pieter and Madou, Matias and Desmet, Nathan and De Sutter, Bjorn},
  issn         = {0038-0644},
  journal      = {Software: Practice and Experience},
  keywords     = {security by design,software development,IDE support,coding guidelines},
  language     = {eng},
  title        = {Sensei: Enforcing secure coding guidelines in the integrated development environment},
  url          = {http://dx.doi.org/10.1002/spe.2844},
  year         = {2020},
}