Towards Immediate Feedback for Security Relevant Code in Development Environments

Markus Haug, Ana Cristina Franco da Silva, Stefan Wagner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations


Nowadays, the correct use of cryptography libraries is essential to ensure the necessary information security in different kinds of applications. A common practice in software development is the use of static application security testing (SAST) tools to analyze code regarding security vulnerabilities. Most of these tools are designed to run separately from development environments. Their results are extensive lists of security notifications, which software developers have to inspect manually in a time-consuming follow-up step. To support developers in their tasks of developing secure code, we present an approach for providing them with continuous immediate feedback of SAST tools in integrated development environments (IDEs). Our approach also considers the understandability of security notifications and aims for a user-centered approach that leverages developers’ feedback to build an adaptive system tailored to each individual developer.

Original languageEnglish
Title of host publicationService-Oriented Computing - 16th Symposium and Summer School, SummerSOC 2022, Revised Selected Papers
EditorsJohanna Barzen, Frank Leymann, Schahram Dustdar
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages8
ISBN (Print)9783031183034
StatePublished - 2022
Externally publishedYes
Event16th Symposium and Summer School on Service-Oriented Computing, SummerSOC 2022 - Hersonissos, Greece
Duration: 3 Jul 20229 Jul 2022

Publication series

NameCommunications in Computer and Information Science
Volume1603 CCIS
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937


Conference16th Symposium and Summer School on Service-Oriented Computing, SummerSOC 2022


  • IDE
  • Notifications
  • SAST
  • Security
  • Software development


Dive into the research topics of 'Towards Immediate Feedback for Security Relevant Code in Development Environments'. Together they form a unique fingerprint.

Cite this