An intelligent tutoring system for software developers that makes software development more secure and faster

(10-02-2022) Pieter De Cremer has developed an intelligent tutoring system for software developers that makes software more secure right from the development phase.

The automation of security tools in software development has made it possible to detect insecurities faster and earlier in the software development cycle. Nevertheless, there are still (too many) insecurities in almost all types of software. The vast majority of these insecurities are caused by errors in the underlying code.

These insecure patterns in the code have been known for years. Traditional security tools can detect these problems after the code has been developed, but they slow down the development process and prevent regular updates. Moreover, they do not offer specific help in solving the insecurities found. Once the insecurities have been detected, it is up to the developers to resolve them.

On average, companies hire only one security expert for every 75-200 developers. It is simply not possible for this expert to support each of the developers. It is clear that software security is no longer just the job of the expert. It is not enough to detect insecurities; fewer insecurities must be written in the first place.

Every developer who writes code must be responsible for doing so in a secure way from the start.

"That's why I propose a process that pays more attention to the software developer himself, called the paved path methodology. Instead of checking the security of the code afterwards, the code itself is made more secure from the start," explains Pieter.

"In the hardened-road method, developers should not take training that is actually intended for security experts. The purpose of their training is not to learn how to test the security of the software but to teach them the knowledge and skills they need to develop secure code," Pieter continues.

"That's why I developed an intelligent tutoring system and matching algorithm that adapts to the needs of the user, a customized intelligent tutoring system so to speak. In this way, the code will be more secure from the start and the subsequent verification will be less intensive, making the software development process more efficient and faster," concludes Pieter.

Read a more detailed summary or the entire PhD

-

PhD Title: The Paved Path Methodology: A Human-Centered Approach to Software Security

-

Contact: Pieter De Cremer, Bjorn De Sutter

Pieter De Cremer

Pieter De Cremer joined Secure Code Warrior as part of an internship in 2016. Over the next two years, he wrote more than 100 rules for Sensei, their IDE security plugin, and was closely involved in the early designs of this tool. After graduating with a Master in Computer Science Engineering at UGent in 2017, he decided to pursue a Ph.D. Backed by a personal Baekeland mandaat from VLAIO, he started his research at SCW and Ghent University, with the aim of contributing to a new era of software security, one that considers developers from the beginning.

Over the next four years, he built his vision of collaboration between developers and the security team. He designed, implemented, and evaluated innovative improvements for both the training and the tools provided by SCW. During this time, he published one journal paper and two position papers. He also built a portfolio of three patents related to his work.

-

Editor: Jeroen Ongenae - Final editing: Ilse Vercruysse - Illustrator: Roger Van Hecke