Security notifications in static analysis tools: Developers' attitudes, comprehension, and ability to act on them

M Tahaei, K Vaniea, K Beznosov… - Proceedings of the 2021 …, 2021 - dl.acm.org
Static analysis tools (SATs) have the potential to assist developers in finding and fixing
vulnerabilities in the early stages of software development, requiring them to be able to …

Understanding Hackers' Work: An Empirical Study of Offensive Security Practitioners

A Happe, J Cito - Proceedings of the 31st ACM Joint European Software …, 2023 - dl.acm.org
Offensive security-tests are commonly employed to pro-actively discover potential
vulnerabilities. They are performed by specialists, also known as penetration-testers or white …

Coordinated vulnerability disclosure programme effectiveness: Issues and recommendations

T Walshe, AC Simpson - Computers & Security, 2022 - Elsevier
Coordinated Vulnerability Disclosure (CVD) programmes leverage a global network
of independent security researchers (hackers) to support pre- and post-deployment security …

The security mindset: characteristics, development, and consequences

K Schoenmakers, D Greene, S Stutterheim… - Journal of …, 2023 - academic.oup.com
The world is facing a cybersecurity skills gap as cybercrime and cyberwarfare grow in
importance. One often-discussed quality that is potentially relevant to cybersecurity …

Trustworthiness models to categorize and prioritize code for security improvement

N Medeiros, N Ivaki, P Costa, M Vieira - Journal of Systems and Software, 2023 - Elsevier
The exploitation of software security vulnerabilities can have severe consequences. Thus, it
is crucial to devise new processes, techniques, and tools to support teams in the …

Securing agile: Assessing the impact of security activities on agile development

A Thool, C Brown - Proceedings of the 28th International Conference on …, 2024 - dl.acm.org
Software systems are expected to be secure and robust. To verify and ensure software
security, it is vital to include security activities, or development practices to detect and …

AutoRed: Automating Red Team Assessment via Strategic Thinking Using Reinforcement Learning

K Hasegawa, S Hidano, K Fukushima - Proceedings of the Fourteenth …, 2024 - dl.acm.org
As security risks to network systems have grown, red team assessment has emerged as a
powerful methodology for discovering vulnerabilities. Such assessments are difficult to …

Challenges of DevSecOps

C Colliander - English. Master's thesis. University of Helsinki …, 2022 - helda.helsinki.fi
The field of software development has experienced a push towards ever faster software
releases (Hüttermann, 2012). With the need to release software faster to the market, the …

Artificial Intelligence Cyberattacks in Red Teaming: A Scoping Review

M Al-Azzawi, D Doan, T Sipola, J Hautamäki… - World Conference on …, 2024 - Springer
Advances in artificial intelligence are creating possibilities to use these methods in red team
activities, such as cyberattacks. These AI attacks can automate the process of penetrating a …

Artificial Intelligence in Red Teaming

M Al-Azzawi - 2024 - theseus.fi
Red teaming involves simulating real world attacks on targets such as organizations,
infrastructure, or individuals to test their defences and assess the vulnerabilities. Artificial …