Software Vulnerabilities as Cognitive Blindspots; assessing the suitability of a dual processing theory of decision making for secure coding

Abstract: Security vulnerabilities are present in many software systems, putting those who entrust software with their data in harm’s way. Many vulnerabilities are avoidable since they are not new and are well-described. Despite this awareness, they remain widespread. One hypothesis for their persistence is that they represent software blindspots, problems that are implicit in the mental models of developers and thus escape attention (Brun et al., 2023; Oliveira et al. 2018). Our current understanding of how cognitive i… Show more