Sonnekalb, Tim and Heinze, Thomas S. and Kurnatowski, Lynn and Schreiber, Andreas and Gonzalez-Barahona, Jesus M. and Packer, Heather (2020) Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper. In: 3rd ACM SIGSOFT International Workshop on Security Awareness from Design to Deployment, SEAD 2020, pp. 15-18. ACM. 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, 9. Nov. 2020, Virtual. doi: 10.1145/3416507.3423190. ISBN 978-1-4503-8126-0.
Official URL: https://doi.org/10.1145/3416507.3423190
Abstract
Software repositories contain information about source code, software development processes, and team interactions. We combine provenance of the development process with code security analysis to automatically discover insights. This provides fast feedback on the software's design and security issues, which we evaluate on projects that are developed under time pressure, such as Germany's COVID-19 contact tracing app 'Corona-Warn-App'.
Item URL in elib: | https://elib.dlr.de/137400/
---|---
Document Type: | Conference or Workshop Item (Speech)
Title: | Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper
Authors: | Sonnekalb, Tim; Heinze, Thomas S.; Kurnatowski, Lynn; Schreiber, Andreas; Gonzalez-Barahona, Jesus M.; Packer, Heather
Date: | 2020
Journal or Publication Title: | 3rd ACM SIGSOFT International Workshop on Security Awareness from Design to Deployment, SEAD 2020
Refereed publication: | Yes
Open Access: | Yes
Gold Open Access: | No
In SCOPUS: | No
In ISI Web of Science: | No
DOI: | 10.1145/3416507.3423190
Page Range: | pp. 15-18
Publisher: | ACM
ISBN: | 978-1-4503-8126-0
Status: | Published
Keywords: | program analysis, provenance, software security, repository mining, open source software, covid-19
Event Title: | 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment
Event Location: | Virtual
Event Type: | Workshop
Event Dates: | 9. Nov. 2020
Organizer: | ACM
HGF - Research field: | Aeronautics, Space and Transport
HGF - Program: | Space
HGF - Program Themes: | other
DLR - Research area: | Space
DLR - Program: | R - no assignment
DLR - Research theme (Project): | R - no assignment
Location: | Jena
Institutes and Institutions: | Institute of Data Science > Secure Digital Systems; Institute for Software Technology > Intelligent and Distributed Systems; Institute of Data Science; Institute for Software Technology
Deposited By: | Heinze, Thomas
Deposited On: | 13 Nov 2020 14:07
Last Modified: | 13 Nov 2020 14:07