Volume 11, Number 23, December 2021
Checklist Usage in Secure Software Development
Authors
Zhongwei Teng, Jacob Tate, William Nock, Carlos Olea, Jules White, Vanderbilt University, USA
Abstract
Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.
Keywords
Checklists, Cyber Security, Software Development.