INFO:

Security During Application Development: an Application Security Expert Perspective Tyler W. Thomas, Madiha Tabassum, Bill Chu, Heather Lipford CHI '18: ACM CHI Conference on Human Factors in Computing Systems Session: Trust and Security in Practice Abstract Many of the security problems that people face today, such as security breaches and data theft, are caused by security vulnerabilities in application source code. Thus, there is a need to understand and improve the experiences of those who can prevent such vulnerabilities in the first place - software developers as well as application security experts. Several studies have examined developers' perceptions and behaviors regarding security vulnerabilities, demonstrating the challenges they face in performing secure programming and utilizing tools for vulnerability detection. We expand upon this work by focusing on those primarily responsible for application security - security auditors. In an interview study of 32 application security experts, we examine their views on application security processes, their workflows, and their interactions with developers in order to further inform the design of tools and processes to improve application security. DOI: https://doi.org/10.1145/3173574.3173836 WEB: https://chi2018.acm.org/