Can vulnerabilities like the Heartbleed Bug be avoided? They can, says Dr. Janet Siegmund, a computer scientist at the University of Passau, but only if the communication is right. Dr. Siegmund and her team are working on a model that predicts the chances of success of a project based on the communication of the involved software developers. The Bavarian State Ministry of Science and the Arts funds this research group in the framework of the Center Digitisation.Bavaria.
It was probably a simple, honest mistake that led to one of the biggest vulnerabilities in the history of the Internet: the Heartbleed Bug was likely the result of a programmer’s mistake that went unnoticed during software verification. The vulnerability then ended up in the OpenSSL codebase, which, being Open Source software, can be verified by many other programmers. But even here, no-one noticed the bug.
Communication is essential for a project’s success
In the project PICCARD – Improving Communication and Collaboration of Developers, the team around Dr. Janet Siegmund is currently examining how such errors can happen and is developing a model to avoid them in future. The scientists are focusing on the communication culture between software developers. Communication is a decisive factor for the success of a project: ‘If people don’t talk to each other, software projects fail’, said Dr. Siegmund.
The model is intended to forecast the success of a whole spectrum of software development projects – from large-scale projects such as operating systems, which involve thousands of people working together on an international scale, to small ones such as smartphone apps. It takes into account factors that characterise the individual project, such as the project stage: ‘A security bug requires synchronous, direct communication. When developing a new feature, asynchronous communication is possible, as time is not so critical’, explained Dr. Siegmund. But when the critical stage is reached, all those involved in a project should talk to each other.
Other influencing factors are: the individual characteristics of each team member, which include communication preferences: Do they prefer phone calls? Or communicating by e-mail? Do they dislike videoconferencing? What is the role of such characteristics as personality and social intelligence? These factors, too, contribute significantly to a project’s success.
The team uses the following roadmap for its project:
Involved academics and funding sources
Dr. Janet Siegmund is the principal investigator. One key co-operation partner at the Faculty of Computer Science and Mathematics is Professor Sven Apel, who holds the Chair of Software Engineering. At all stages, the team of researchers collaborates with Microsoft Research. The Bavarian State Ministry of Science and the Arts is funding the research project via the Center Digitisation.Bavaria (CD.B) for a term of up to five years.
Funded by the Bavarian State Ministry of Science and the Arts via Center Digitisation.Bavaria
The University is home to two of currently seven CD.B Junior Research Groups. Apart from the group around Dr. Janet Siegmund, the other is the team of academics around Dr Daniel Schnurr, Assistant Professor at the Chair of Internet and Telecommunications Business, who are researching the market power of data in the digital economy from an economic and business perspective. Moreover, the University was awarded the new Chair of European and International Information and Data Protection Law as part of a CD.B initiative.
About Center Digitisation.Bavaria
The CD.B is tasked with the objectives of further strengthening and bundling the research competencies in Bavaria in the realm of digitalisation, enhancing the co-operation between businesses and academia concerning key topics, intensifying start-up support and guiding the social discourse on topics related to digitalisation. The measures planned by Center Digitisation.Bavaria are implemented throughout Bavaria.
Principal Investigator(s) at the University | Dr. Janet Siegmund (Lehrstuhl für Software Engineering I) |
---|---|
Project period | 01.02.2017 - 31.12.2020 |
Source of funding | BayStMWK - Bayerisches Staatsministerium für Wissenschaft und Kunst > BayStMWK - Bayerisches Staatsministerium für Wissenschaft und Kunst - ZentrumDigitalisierung.Bayern ZD.B |
Project number | IX.2.M7426.6.4/5/4 |
Funding notice | This project is funded by the Bavarian State Ministry of Education, Science and the Arts in the framework of the Center Digitisation.Bavaria (CD.B). |