Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

Data Science for Secure Software Engineering

Analyzing data is an important part of evaluating the effectiveness and efficiency of activities to improve the security of software or to understand the security risk of software systems. Thus, everybody involved in secure software development should have at least a basic understanding of data science techniques.

If you want to learn more about using data science for analyzing your secure software development process, have a look at our book chapter on “Data Analytics for Software Security” [1].

In this chapter, we report on our own experiences in empirical secure software research at SAP SE, the largest European software vendor. Based on this, we derive actionable recommendations for building the foundations of an expressive data science for software security: we focus on using data analytics to improve secure software development. Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information using machine learning methods or statistical learning methods. Data analytical techniques have been successfully used in both the cyber-security domain and the software engineering domain. For example, data analytical methods are used to investigate software engineering challenges such as effort prediction. Thus, applying these techniques to the intersection of both areas, to help practitioners develop more secure software with less effort, seems promising.

References

1. Othmane, L. ben, Brucker, A. D., Dashevskyi, S., and Tsalovski, P. “An Introduction to Data Analytics for Software Security.” Empirical research for software security: Foundations and experience (2017): 69–94. URL: http://www.brucker.ch/bibliography/abstract/othmane.ea-data-analytics-2017