Analyzing Human Dimensions of Software Engineering Processes

Award Information
Agency: Department of Defense
Branch: Defense Advanced Research Projects Agency
Contract: 140D6319C0018
Agency Tracking Number: D2-2185
Amount: $1,499,993.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: SB172-007
Solicitation Number: 2017.2
Timeline
Solicitation Year: 2017
Award Year: 2019
Award Start Date (Proposal Award Date): 2019-04-29
Award End Date (Contract End Date): 2021-05-29
Small Business Information
6 Bayview Avenue, Northport, NY, 11768
DUNS: 602262222
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Dr. Anita D'Amico
 (631) 759-3909
 anita.damico@securedecisions.com
Business Contact
 Kelly A Bennett
Phone: (631) 593-3920
Email: kelly.bennett@avi.com
Research Institution
N/A
Abstract
The Secure Decisions team will conduct research to: 1) determine how human dimensions of software engineering (SE) processes influence software security and quality; and 2) develop mechanisms for measuring these relationships in both open source and closed (private) development environments. The human dimensions of interest are: characteristics and behaviors of developers and development teams; environmental conditions that affect developers; and the chain of human activities that contribute to the introduction and persistence of vulnerabilities within a software repository. Software security is the primary outcome of interest; quality issues that influence an application's security are also studied. Two types of analyses will be performed on software developed under both open and closed environments: retrospective analyses of existing software repositories to find relationships between human dimensions and software security; and root cause analyses of vulnerabilities in which we will build a timeline of the chain of SE activities that led to the vulnerabilities' introduction, persistence, eventual discovery, and remediation. A third type, concurrent analysis, will assess how human dimensions relate to software security using data collected while software is developed in closed environments. Results will be transitioned into commercial services, an open source curated database of vulnerability histories, and other research.

* Information listed above is at the time of submission. *
