Secure Software Development

Research on security during software development

Overview

This research explores security during software development by understanding secure code implementation, vulnerability discovery, and vulnerability remediation.

Ongoing Projects

rust code
Understanding the Learning Challenges of Rust

We explored what developers struggle with when learning Rust and how resources support them.

developer
Exploring the Impact of AI on Secure Software Development Studies

We explore how developers and non-developers use LLMs to complete secure software development tasks.

code
Understanding How Developers Evaluate AI-Provided Suggestions for Security

We explored how developers evaluate AI-generated suggestions for security to identify the considerations they made.

Approach

We combine observational studies, experimental studies, interviews, and surveys to provide a wholistic perspective.

Impact

This work provides an understanding of how developers apporach security during development, offering insights into how to promote security.

Related Publications

2025

  1. CCS
    A Qualitative Analysis of Fuzzer Usability and Challenges
    Yunze Zhao, Wentao Guo, Harrison Goldstein, and 3 more authors
    In ACM SIGSAC Conference on Computer and Communications Security, 2025
    PDF

2024

  1. SOUPS
    Write, Read, or Fix? Exploring Alternative Methods for Secure Development Studies
    Kelsey R Fulton, Joseph Lewis, Nathan Malkin, and 1 more author
    In Symposium on Usable Privacy and Security, 2024
    PDF Slides
  2. CSET
    NERDS: A Non-invasive Environment for Remote Developer Studies
    Joseph Lewis and Kelsey R Fulton
    2024
    PDF

2023

  1. S&P
    Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery
    Kelsey R Fulton, S. Katcher, K. Song, and 4 more authors
    In IEEE Symposium on Security and Privacy, 2023
    PDF Slides

2022

  1. CCS
    Understanding the How and the Why: Exploring Secure Development Practices through a Course Competition
    Kelsey R Fulton, Daniel Votipka, Desiree Abrokwa, and 3 more authors
    In ACM SIGSAC Conference on Computer and Communications Security, 2022
    PDF Slides

2021

  1. SOUPS
    Benefits and Drawbacks of Adopting a Secure Programming Language: Rust as a Case Study
    Kelsey R Fulton, Anna Chan, Daniel Votipka, and 2 more authors
    In Symposium on Usable Privacy and Security, 2021
    PDF Slides

2020

  1. USENIX
    Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It
    Daniel Votipka, Kelsey R Fulton, James Parker, and 3 more authors
    In USENIX Security Symposium, 2020
    PDF Slides
  2. TOPS
    Build It, Break It, Fix It: Contesting Secure Development
    James Parker, Michael Hicks, Andrew Ruef, and 5 more authors
    TOPS, 2020
    PDF

Image Credits