The Good, the Bad, and the (Un)Usable: A Rapid Literature Review on Privacy as Code
| Title: | The Good, the Bad, and the (Un)Usable: A Rapid Literature Review on Privacy as Code |
|---|---|
| Authors: | Díaz Ferreyra, Nicolás; Arachchilage, Nalin; Scandariato, Riccardo |
| Publisher information: | 2025. |
| Publication year: | 2025 |
| Subject terms: | automated software engineering; privacy as code; privacy engineering; rapid literature review; usability |
| Description: | Privacy and security are central to the design of information systems endowed with sound data protection and cyber resilience capabilities. Still, developers often struggle to incorporate these properties into software projects as they either lack proper cybersecurity training or do not consider them a priority. Prior work has tried to support privacy and security engineering activities through threat modeling methods for scrutinizing flaws in system architectures. Moreover, several techniques for the automatic identification of vulnerabilities and the generation of secure code implementations have also been proposed in the current literature. Conversely, such as-code approaches seem under-investigated in the privacy domain, with little work elaborating on (i) the automatic detection of privacy properties in source code or (ii) the generation of privacy-friendly code. In this work, we seek to characterize the current research landscape of Privacy as Code (PaC) methods and tools by conducting a rapid literature review. Our results suggest that PaC research is in its infancy, especially regarding the performance evaluation and usability assessment of the existing approaches. Based on these findings, we outline and discuss prospective research directions concerning empirical studies with software practitioners, the curation of benchmark datasets, and the role of generative AI technologies. |
| Document type: | Conference object |
| Language: | English |
| Accession number: | edsair.dris...01170..6498ee9227688e8da93f2dbbc2ac566b |
| Database: | OpenAIRE |