Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

Data Science for Secure Software Engineering

Analyzing data is an important part of evaluating the effectiveness and efficiency of activities to improve the security of software or to understand the security risk of software systems. Thus, everybody involved in secure software development should have at least a basic understanding of data science techniques.

If you want to learn more about using data science for analyzing your secure software development process, have a look at our book chapter on “Data Analytics for Software Security” [1].

In this chapter, we report on our own experiences in empirical secure software research at SAP SE, the largest European software vendor. Based on this, we derive actionable recommendations for building the foundations of an expressive data science for software security: we focus on using data analytics for improving secure software development. Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information using machine learning methods or statistical learning methods. Data analytical techniques have been successfully used in both the cyber-security domain and the software engineering domain. For example, data analytical methods are used to investigate software engineering challenges such as effort prediction. Thus, applying these techniques to the intersection of both areas to help practitioners develop more secure software with less effort seems promising.

References

[1] L. ben Othmane, A. D. Brucker, S. Dashevskyi, and P. Tsalovski, “An introduction to data analytics for software security,” in Empirical Research for Software Security: Foundations and Experience, L. ben Othmane, M. G. Jaatun, and E. Weippl, Eds. CRC Press, 2017, pp. 69–94.

Welcome to the blog of the Software Assurance & Security Research Team at the University of Exeter. We blog regularly news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.
