Eye tracking technologies to visualize secure coding behavior

Bibliographic details
Published in: Array (New York) 2022-09, Vol. 15, p. 100241, Article 100241
Main authors: Davis, Daniel Kyle; Zhu, Feng
Format: Article
Language: English
Online access: Full text

Description
Abstract: Secure coders' experience and performance vary greatly, and any security flaw missed in source code may lead to costly consequences. How coders behave when analyzing source code and developing mitigation techniques is not well understood. Our objective is to gain insight into the strategies and techniques of both novice and experienced developers. A proper understanding can help us teach inexperienced coders to approach, discover, and mitigate security flaws efficiently and accurately. Our research relies upon eye tracking hardware and software to collect and analyze eye gazes. Unlike existing approaches, we incorporate a wide range of tasks performed together: reading documentation, writing code, and using security code analysis tools. We analyze both static and dynamic (interactive) stimuli in a realistic software development environment. Our pictorial visualizations represent a coder's eye gazes and visually demonstrate their behavior and patterns. In addition, we provide the full context of the stimuli that a participant observed. This allows the behavior to be investigated across a range of tasks for a single participant and between participants. Our secure coding tasks include reading documentation, reading source code, and writing source code for a web application, as well as using security code scanning tools. Our contributions also include (1) novel visualization techniques to present transitions among components within and between applications, and (2) presentations of coders' attention levels during secure coding, obtained by investigating changes in pupil size. The eye tracking collection and analysis techniques support both modifiable stimuli and stimuli presented in different sequences based upon an individual participant's behavior.

Highlights:
• Gain insight into secure coders' behavior and methodologies using eye trackers.
• Visualizations of eye gazes to understand approaches to secure coding.
• Investigate behavior when discovering and mitigating source code flaws.
• Evaluation of hands-on secure coding learning modules.
• Dynamic eye-tracking stimuli for a realistic software development environment.
ISSN: 2590-0056
DOI: 10.1016/j.array.2022.100241