
Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper

Sonnekalb, Tim and Heinze, Thomas S. and Kurnatowski, Lynn and Schreiber, Andreas and Gonzalez-Barahona, Jesus M. and Packer, Heather (2020) Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper. In: SEAD 2020 - Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, Co-located with ESEC/FSE 2020, pp. 15-18. ACM. 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, 2020-11-09, Virtual. doi: 10.1145/3416507.3423190. ISBN 978-1-4503-8126-0.


Official URL: https://doi.org/10.1145/3416507.3423190

Abstract

Software repositories contain information about source code, software development processes, and team interactions. We combine provenance of the development process with code security analysis to automatically discover insights. This provides fast feedback on the software's design and security issues, which we evaluate on projects that are developed under time pressure, such as Germany's COVID-19 contact tracing app 'Corona-Warn-App'.

Item URL in elib: https://elib.dlr.de/137400/
Document Type: Conference or Workshop Item (Speech)
Title: Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper
Authors:
Authors | Institution or Email of Authors | Author's ORCID iD | ORCID Put Code
Sonnekalb, Tim | UNSPECIFIED | https://orcid.org/0000-0002-0067-1790 | UNSPECIFIED
Heinze, Thomas S. | UNSPECIFIED | UNSPECIFIED | UNSPECIFIED
Kurnatowski, Lynn | UNSPECIFIED | https://orcid.org/0000-0001-5144-702X | UNSPECIFIED
Schreiber, Andreas | UNSPECIFIED | https://orcid.org/0000-0001-5750-5649 | 178306901
Gonzalez-Barahona, Jesus M. | UNSPECIFIED | UNSPECIFIED | UNSPECIFIED
Packer, Heather | UNSPECIFIED | UNSPECIFIED | UNSPECIFIED
Date: 2020
Journal or Publication Title: SEAD 2020 - Proceedings of the 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, Co-located with ESEC/FSE 2020
Refereed publication: Yes
Open Access: Yes
Gold Open Access: No
In SCOPUS: Yes
In ISI Web of Science: No
DOI: 10.1145/3416507.3423190
Page Range: pp. 15-18
Publisher: ACM
ISBN: 978-1-4503-8126-0
Status: Published
Keywords: program analysis, provenance, software security, repository mining, open source software, covid-19
Event Title: 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment
Event Location: Virtual
Event Type: Workshop
Event Date: 9 November 2020
Organizer: ACM
HGF - Research field: Aeronautics, Space and Transport
HGF - Program: Space
HGF - Program Themes: other
DLR - Research area: Space
DLR - Program: R - no assignment
DLR - Research theme (Project): R - no assignment
Location: Jena
Institutes and Institutions: Institute of Data Science > Secure Digital Systems
Institute of Software Technology > Intelligent and Distributed Systems
Institute of Data Science
Institute of Software Technology
Deposited By: Heinze, Thomas
Deposited On: 13 Nov 2020 14:07
Last Modified: 18 Feb 2025 08:12
