Sonnekalb, Tim and Heinze, Thomas S. and Kurnatowski, Lynn and Schreiber, Andreas and Gonzalez-Barahona, Jesus M. and Packer, Heather (2020) Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper. In: SEAD 2020 - Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, Co-located with ESEC/FSE 2020, pp. 15-18. ACM. 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, 2020-11-09, Virtual. doi: 10.1145/3416507.3423190. ISBN 978-1-4503-8126-0.
Official URL: https://doi.org/10.1145/3416507.3423190
Abstract
Software repositories contain information about source code, software development processes, and team interactions. We combine provenance of the development process with code security analysis to automatically discover insights. This provides fast feedback on the software's design and security issues, which we evaluate on projects that are developed under time pressure, such as Germany's COVID-19 contact tracing app 'Corona-Warn-App'.
Item URL in elib: | https://elib.dlr.de/137400/
---|---
Document Type: | Conference or Workshop Item (Speech)
Title: | Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper
Authors: | Sonnekalb, Tim; Heinze, Thomas S.; Kurnatowski, Lynn; Schreiber, Andreas; Gonzalez-Barahona, Jesus M.; Packer, Heather
Date: | 2020
Journal or Publication Title: | SEAD 2020 - Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, Co-located with ESEC/FSE 2020
Refereed publication: | Yes
Open Access: | Yes
Gold Open Access: | No
In SCOPUS: | Yes
In ISI Web of Science: | No
DOI: | 10.1145/3416507.3423190
Page Range: | pp. 15-18
Publisher: | ACM
ISBN: | 978-1-4503-8126-0
Status: | Published
Keywords: | program analysis, provenance, software security, repository mining, open source software, covid-19
Event Title: | 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment
Event Location: | Virtual
Event Type: | Workshop
Event Date: | 9 November 2020
Organizer: | ACM
HGF - Research field: | Aeronautics, Space and Transport
HGF - Program: | Space
HGF - Program Themes: | other
DLR - Research area: | Space
DLR - Program: | R - no assignment
DLR - Research theme (Project): | R - no assignment
Location: | Jena
Institutes and Institutions: | Institute of Data Science > Secure Digital Systems; Institute of Software Technology > Intelligent and Distributed Systems; Institute of Data Science; Institute of Software Technology
Deposited By: | Heinze, Thomas
Deposited On: | 13 Nov 2020 14:07
Last Modified: | 18 Feb 2025 08:12